MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 097d0a821622e09b00eea461e563706e60bc9f5b7bdb5bbd6475ff31f85d6551. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 13


Intelligence 13 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 097d0a821622e09b00eea461e563706e60bc9f5b7bdb5bbd6475ff31f85d6551
SHA3-384 hash: b1e33859f34577433359854bbeb42a1ef93d63b5df01dc9bb91224ddbaa7fff5251b4f0c63ff70d49d5022164bdc25c0
SHA1 hash: 91016af9c6c9129b5f68cdd1e0215ad61a274a6b
MD5 hash: cfc8363b04abf8fb9e65ccd10c984294
humanhash: princess-princess-hot-foxtrot
File name:CUD--Quotation_list_182027.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:733'184 bytes
First seen:2026-05-20 17:19:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'954 x AgentTesla, 19'864 x Formbook, 12'319 x SnakeKeylogger)
ssdeep 12288:u8oGiaeommn6HKwL3I2tDzvMaoA/O9Yci7Hw8sdh8ZAGO:uglmUuL3NPJmB38O8Zi
Threatray 2'948 similar samples on MalwareBazaar
TLSH T1E8F4F119FE27E006F46422B707A1EA7933681DAC61C1C2B5BEF5EEDB759D6000F63162
TrID 73.9% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
6.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.6% (.EXE) Win64 Executable (generic) (6522/11/2)
4.5% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
dhash icon 4c36f2cca3dc949c (8 x SnakeKeylogger, 2 x MassLogger, 2 x a310Logger)
Reporter TomU
Tags:exe SnakeKeylogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
45
Origin country :
CH CH
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
4c9d716d8c294c6122580ce68e4b58b868b113d18f8d406030fd2d82d160be4c.zip
Verdict:
Malicious activity
Analysis date:
2025-08-01 10:06:13 UTC
Tags:
arch-exec evasion snake keylogger telegram stealer
Link:
https://app.any.run/tasks/9d95de24-fc88-4e82-93ba-b03e3f36842b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
VIPKeyLogger
Create hunting rule
Link:
https://www.capesandbox.com/analysis/66787/
Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a0df2954159ce11f601d3c0
Tags:
backdoor micro hype
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Сreating synchronization primitives
Launching a service
Unauthorized injection to a recently created process
Restart of the analyzed sample
Creating a file
DNS request
Connection attempt
Sending an HTTP GET request
Sending a custom TCP request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
base64 bitmap crypt krypt obfuscated packed packed reconnaissance roboski snakestealer stego
Link:
https://www.filescan.io/uploads/6a0def8f875badc3b38eb06a/reports/e8fa7362-3e7e-430f-89f8-8f60cfc8801d/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/097d0a821622e09b00eea461e563706e60bc9f5b7bdb5bbd6475ff31f85d6551
Malware family:
KeyBase
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/27490ec2-971e-4c2f-8b65-33707ee704b1
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/097d0a821622e09b00eea461e563706e60bc9f5b7bdb5bbd6475ff31f85d6551
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/097d0a821622e09b00eea461e563706e60bc9f5b7bdb5bbd6475ff31f85d6551/
Threat name:
Win32.Trojan.BPLogger
Create hunting rule
Status:
Malicious
First seen:
2025-08-01 08:46:46 UTC
File Type:
PE (.Net Exe)
Extracted files:
10
AV detection:
28 of 36 (77.78%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
unc_loader_037
Create hunting rule
vipkeylogger
Create hunting rule
Similar samples:
948a49335d8343153b509abbad3880b9f7a7c18c133551c638ea026c73a6226e
SnakeKeylogger
a940014a730129f95371c84c982bcbf378586e7afd6eb2f3d0acaf0d15a8ded4
SnakeKeylogger
b56564440c97e239fae221a1bcc221e620beac2117a81f05bed47936f51f86c5
SnakeKeylogger
c1ab205e02f0a5b78498a1d3b0175a420d2b8123cfa4310d530e314686630f93
SnakeKeylogger
f6af1b0db9e832d425fbc52ca57b650378c92400aaf3f138a1ec367de0ec0ef6
SnakeKeylogger
+ 2'938 additional samples on MalwareBazaar
Result
Malware family:
vipkeylogger
Create hunting rule
Score:
  10/10
Tags:
family:vipkeylogger discovery keylogger stealer
Link:
https://tria.ge/reports/260520-vwvtbsex7l/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Looks up external IP address via web service
Family: VIPKeylogger
Unpacked files
SH256 hash:
097d0a821622e09b00eea461e563706e60bc9f5b7bdb5bbd6475ff31f85d6551
MD5 hash:
cfc8363b04abf8fb9e65ccd10c984294
SHA1 hash:
91016af9c6c9129b5f68cdd1e0215ad61a274a6b
Link:
https://www.unpac.me/results/7d813152-1317-4ce7-91c2-f167e9030cb2/
SH256 hash:
997767038a47666f2f52cbcf7755357e7ea9015692d7bebea415f8b26838a1b4
MD5 hash:
15067338f97bc24cc2ac550e51a9dcb5
SHA1 hash:
44882ee8f9ff92edf6a75f61850e9036d857464b
Link:
https://www.unpac.me/results/7d813152-1317-4ce7-91c2-f167e9030cb2/
SH256 hash:
9f0b63aa583761bb9af12a3ee2d448506680401caba67d06cce18096ee385ffa
MD5 hash:
dd572f0071fbf6bba775fbf7ef7198a1
SHA1 hash:
b318b861d968dff967bc1770a45a86612abd9f81
Link:
https://www.unpac.me/results/7d813152-1317-4ce7-91c2-f167e9030cb2/
SH256 hash:
35e7225fea67de12a03b13bd25124d173d66d882f5d68b59eb8455c9f16e546a
MD5 hash:
bdd7858efac937a99b1acc590d63ef5d
SHA1 hash:
b7411666cfee1439abba8b46959031a70203f344
Detections:
win_404keylogger_g1
Create hunting rule
triage_snakekeylogger_infostealer
Create hunting rule
Link:
https://www.unpac.me/results/7d813152-1317-4ce7-91c2-f167e9030cb2/
Parent samples :
8b11fcca89381e3f89964db156074fb4d4a00a5b0963010fd9396a2463e84034
f1c4b423031489d5ea36e682f729f981789e020dccca81ea7b2bfceef1ee62cd
5ad3f15faf80e24a6c002f577b2b00b2039eec0d19f848cfcfeea9d494ef83dc
2b2ae966d34a67db06f6538a4f9c0b091899546beabbc4f28bbb23e5de7b9c69
593b2dd3e7a1806f5f97341c297792834c28f57fb95e33c4528c733a9fed4c73
097d0a821622e09b00eea461e563706e60bc9f5b7bdb5bbd6475ff31f85d6551
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

Executable exe 097d0a821622e09b00eea461e563706e60bc9f5b7bdb5bbd6475ff31f85d6551

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/66787/

Comments