MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d0057731544fb858d4f79f4b722816d26980fd9e46fdc4dfb05103231a445d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnappyClient


Vendor detections: 5


Intelligence 5 IOCs YARA 24 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2d0057731544fb858d4f79f4b722816d26980fd9e46fdc4dfb05103231a445d9
SHA3-384 hash: 7742a4fae2f57293633cbe22c5806443a87784fd54fe562d917aac60eac3563195fb3bec391d0709748eff0ad9a25508
SHA1 hash: e7e0f01aa8c1d04c6fe192192cc3268645cb61ad
MD5 hash: 6def1505193fcc2bf2e3de8037143765
humanhash: chicken-early-king-stream
File name:289284235475738274.zip
Download: download sample
Signature SnappyClient
Create hunting rule
File size:16'302'702 bytes
First seen:2026-05-15 20:55:19 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 393216:u7CrJyRtzBCC7qSj3sfVCqtAQToDT38Ig5LpjJ0Ho:xrJadCKj3g0qthoH38Ig5pJ0Ho
TLSH T1F8F6338E88E1181D834B593CD8211E84E74A32BAA7D39AB1F694A6FF54C713F546F07C
Magika zip
Reporter aachum
Tags:178-104-222-124 dropped-by-ACRStealer SnappyClient zip


Avatar
iamaachum
https://ggx-tn-connectir.unwittingdork.digital/289284235475738274

SnappyClient C2: 178.104.222.124:443

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
ES ES
File Archive Information

This file archive contains 35 file(s), sorted by their relevance:

File name:_wmi.pyd
File size:35'160 bytes
SHA256 hash: de32dfad8d0545fb6354323fcf71685c042f681d477359623ae35a74030a7d45
MD5 hash: 284c49c058b9bcbda7f43c288047dfb5
MIME type:application/x-dosexec
Signature SnappyClient
File name:python313._pth
File size:80 bytes
SHA256 hash: 35ddf94682ff9aa713a8d63557242ad00f3f28fdd39337f02c3bda4c0f791577
MD5 hash: c23ad35e55e5b1a71ee2e9dd97723749
MIME type:text/x-objective-c
Signature SnappyClient
File name:python313.zip
File size:3'803'666 bytes
SHA256 hash: bcf945d3a976fbca2cfba1e92639a5e696eb3948f8d49bd5cf41406dac9a51ac
MD5 hash: 0f3768c4f90bec01c84007c3fa9fbea7
MIME type:application/zip
Signature SnappyClient
File name:_socket.pyd
File size:76'120 bytes
SHA256 hash: 14488b5957484f77fca93cfe4528be808456c4982f02a0ca411336c110f565c8
MD5 hash: d9a05aa8a957b44db3e3312b704ee2cd
MIME type:application/x-dosexec
Signature SnappyClient
File name:_asyncio.pyd
File size:64'344 bytes
SHA256 hash: 96d97ec6cb2662c9b02d774bb1cd3b1873375d10029034ad6e77390e4d4a2799
MD5 hash: 948cd1f07ebcf64834a2b7c94c9b18a0
MIME type:application/x-dosexec
Signature SnappyClient
File name:_ctypes.pyd
File size:121'176 bytes
SHA256 hash: 66fe5d9a61077d924cc569911e3fdf9d5c898ec6d5827fe62c100a0997edaa23
MD5 hash: e0ded49e824e26620d55fbc3feac6bb6
MIME type:application/x-dosexec
Signature SnappyClient
File name:pythonw.exe
File size:102'744 bytes
SHA256 hash: af6c60a43228faf9280da2c4b12c628759cb692b425ca7bf1da4ac68d60bcad5
MD5 hash: 0930048e3c995a62bbff5769fb26102e
MIME type:application/x-dosexec
Signature SnappyClient
File name:_queue.pyd
File size:31'576 bytes
SHA256 hash: b98ad834964e27a670b5d82c549961e322146bd74cc49e54b9b807721d88fd60
MD5 hash: bd023ffe7cc63ec84190f46f46aba8c8
MIME type:application/x-dosexec
Signature SnappyClient
File name:_hashlib.pyd
File size:55'128 bytes
SHA256 hash: 8a773b510133399fb6cc3abe364e4385596a7bf4e286d35dc581156de14a5bea
MD5 hash: aaa6ebfd723d0bbfb472a2a36a642efb
MIME type:application/x-dosexec
Signature SnappyClient
File name:_uuid.pyd
File size:25'944 bytes
SHA256 hash: 4301c6dee2178697392779617166b3307abe2db5832bc06d35df232c155f1de3
MD5 hash: 36aa485e4a668f1eea329eae5270f6b0
MIME type:application/x-dosexec
Signature SnappyClient
File name:_decimal.pyd
File size:237'400 bytes
SHA256 hash: b0e42e3b445a23789ff67e29067ae7d4964e57ded681dac6b5743d25b9de3420
MD5 hash: 9f4aee93b92c1d2208e8a084563da853
MIME type:application/x-dosexec
Signature SnappyClient
File name:_elementtree.pyd
File size:124'248 bytes
SHA256 hash: 9dd14d1326446726b028d151531e8f09bcce96fd9986027c5329b61db927b4d9
MD5 hash: 08cb72d15993daff09c66c93a37d51c9
MIME type:application/x-dosexec
Signature SnappyClient
File name:libffi-8.dll
File size:35'088 bytes
SHA256 hash: b982741576a050860c3f3608c7b269dbd35ab296429192b8afa53f1f190069c0
MD5 hash: 74d2b5e0120a6faae57042a9894c4430
MIME type:application/x-dosexec
Signature SnappyClient
File name:python3.dll
File size:72'024 bytes
SHA256 hash: 671f96a113ab4bd459da07abdd0e3d2d1a98ff5bccdf016eb3467716754e3b9a
MD5 hash: 450bc9027681bc613ad711d027ebb971
MIME type:application/x-dosexec
Signature SnappyClient
File name:ruf2po2suq5
File size:6'724'788 bytes
SHA256 hash: e5f3266391596010aa3dc05afb32ecb71dcb5072110725ab911808dca1e564b5
MD5 hash: 07304ad3294fa163976db898444f7a0f
MIME type:application/zip
Signature SnappyClient
File name:_multiprocessing.pyd
File size:32'600 bytes
SHA256 hash: fb8cc99dc6d41813ffccaf0c3091a27e650d3db78ba3110402ed03889cd47591
MD5 hash: 8ea2bcbab0391b90c0386735fef5631b
MIME type:application/x-dosexec
Signature SnappyClient
File name:pyexpat.pyd
File size:192'856 bytes
SHA256 hash: e35953a0793822d3122a46ab3476e9b99476b13235af8177ec1c0072e3321adc
MD5 hash: 990713d07b1b0054518b541c961be2ff
MIME type:application/x-dosexec
Signature SnappyClient
File name:_bz2.pyd
File size:83'800 bytes
SHA256 hash: 7592e0beb0058d1c9a3d14bee59335bf45859364158ebc3aaa79a1a23c06542d
MD5 hash: e6cd0c371c7de1ce0ae2d6e3a04f2652
MIME type:application/x-dosexec
Signature SnappyClient
File name:vcruntime140.dll
File size:90'192 bytes
SHA256 hash: bf33857f46e56ea7930c1eea25c5f7175a6aaa3df36bf8301a785e6ca726a0b9
MD5 hash: c33386a6e67be415a24d9c431ffd42ac
MIME type:application/x-dosexec
Signature SnappyClient
File name:python313.adml
File size:56'953 bytes
SHA256 hash: 65f5ccb85fd6a42160e710dc3f0cbf6e92dbd427891635f8e3d7de1ea864459f
MD5 hash: b404ca8d28b4b715d56487b67ff503e3
MIME type:text/plain
Signature SnappyClient
File name:libssl-3.dll
File size:639'856 bytes
SHA256 hash: 0e94dea4cb79f8cfe2799bb75ed6445f7c55b2ca269e521c69acaacb44488992
MD5 hash: 803f8a3497d5259058e3377d022a08da
MIME type:application/x-dosexec
Signature SnappyClient
File name:_overlapped.pyd
File size:46'936 bytes
SHA256 hash: 0e901d557edded116ab0fae509da90cd9ead3bc1697049b873f1fee141d4f8b8
MD5 hash: b413df5756078d3f1bf9c16f21349667
MIME type:application/x-dosexec
Signature SnappyClient
File name:_zoneinfo.pyd
File size:44'888 bytes
SHA256 hash: a2f477cd0a5ee72f42eac924ea4f4d18da2d6468b45cdf8cd4be7eb358d4b3cd
MD5 hash: 00a811bd1c5dca91539fdc3d3d71e33d
MIME type:application/x-dosexec
Signature SnappyClient
File name:_ssl.pyd
File size:162'648 bytes
SHA256 hash: 3ae2529e7d31a3510db6b7716e64e71b94a950abd6922e2d48f237c9cb6dcd41
MD5 hash: a3f99ca2eb544235aa0d6079beb1e9b6
MIME type:application/x-dosexec
Signature SnappyClient
File name:libcrypto-3.dll
File size:3'505'520 bytes
SHA256 hash: 0c0759401043b4f75fc51ca325e14130836d4b081c31afdb896f6b43e50e4dea
MD5 hash: 918312bf653b77a6d698e63acee267a9
MIME type:application/x-dosexec
Signature SnappyClient
File name:sqlite3.dll
File size:1'297'240 bytes
SHA256 hash: 7b6b87a809198b5a2d4b38f315483d2d90b2c3a01b3a909cbfb8980b403cb9ec
MD5 hash: 4b07758cb5dd495537de3ce6d4157aa9
MIME type:application/x-dosexec
Signature SnappyClient
File name:select.pyd
File size:30'040 bytes
SHA256 hash: 302b890095bf69dcd7ac4f8f8054817ed5833e9d5723d15d21282d605a065336
MD5 hash: 4f1a4265d9bd2f785119b6ed7c4541b1
MIME type:application/x-dosexec
Signature SnappyClient
File name:winsound.pyd
File size:29'528 bytes
SHA256 hash: 6c31b153c6d2b2614cd2f1b1cad6f5335924e710fc050f5e5cfebaccac917a85
MD5 hash: a85e045831b118da69bafb61fd89c029
MIME type:application/x-dosexec
Signature SnappyClient
File name:2
File size:1'349 bytes
SHA256 hash: 13160d8e413f8a06f47aec8b20edc6ea5d63b63190f77ae9a1ec1bed7195da79
MD5 hash: 7ef51f60309aa7899efdfed89aa1ad6f
MIME type:text/xml
Signature SnappyClient
File name:python313.dll
File size:5'510'488 bytes
SHA256 hash: 3672f6d2b81dac7fa1e6320f81a6c84f97672ead2fac0650b881133eace95efa
MD5 hash: c54e1220daa3b25b91c4d69f1bb8d01a
MIME type:application/x-dosexec
Signature SnappyClient
File name:LICENSE.txt
File size:33'861 bytes
SHA256 hash: 62bec384df47b0328307db41455ff6ea2559e5546b394ac69148561b21703120
MD5 hash: a1eed141ca8c9e45c8e85f8387c2e6f2
MIME type:text/plain
Signature SnappyClient
File name:python.cat
File size:574'773 bytes
SHA256 hash: 16277bcccf3e3a3aebb89bc7f338d38171944710f001eb09f9722e234623a52e
MD5 hash: 75c8fe5f468e2f82c0370478c0b49696
MIME type:application/octet-stream
Signature SnappyClient
File name:unicodedata.pyd
File size:703'320 bytes
SHA256 hash: 2782cdf7bdb40551602047cf8b0b4ad80a69369a7fdd9e2e63ed49eddb511832
MD5 hash: 71698b89a94d6da591e39c46a78be5b9
MIME type:application/x-dosexec
Signature SnappyClient
File name:_sqlite3.pyd
File size:102'744 bytes
SHA256 hash: c1b56f8e3b6036245add4a8e0bb1976e67a5ff6f4e34f9b54185b746d1fd5044
MD5 hash: 364db9f29e16e9601172f589e74ff9f9
MIME type:application/x-dosexec
Signature SnappyClient
File name:_lzma.pyd
File size:147'800 bytes
SHA256 hash: 64fdcc82b193c600844f551c7415c23e647a57b7a2bbaed0df68d697c47ff1b7
MD5 hash: 43592d98999e6669931cc643ec1eebff
MIME type:application/x-dosexec
Signature SnappyClient
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/8f1282c1-c51a-45a9-9b62-c5626f2a1573/
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a0788d746d6967b3d90963b
Tags:
n/a
Gathering data
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/2d0057731544fb858d4f79f4b722816d26980fd9e46fdc4dfb05103231a445d9
Verdict:
Unknown
File Type:
zip
Link:
https://opentip.kaspersky.com/2d0057731544fb858d4f79f4b722816d26980fd9e46fdc4dfb05103231a445d9/results?tab=lookup
Score:
31%
Verdict:
Susipicious
File Type:
ARCHIVE
Link:
https://malprob.io/report/2d0057731544fb858d4f79f4b722816d26980fd9e46fdc4dfb05103231a445d9
Verdict:
inconclusive
YARA:
3 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout Zip Archive
Link:
https://app.malva.re/file/6def1505193fcc2bf2e3de8037143765
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2d0057731544fb858d4f79f4b722816d26980fd9e46fdc4dfb05103231a445d9/
Threat name:
Binary.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-05-15 20:56:29 UTC
File Type:
Binary (Archive)
Extracted files:
1221
AV detection:
3 of 24 (12.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fuafo4yvit5yldkpph2loiubnutjqd6z4rx5ytp3auidemneixmq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/2d0057731544fb858d4f79f4b722816d26980fd9e46fdc4dfb05103231a445d9

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BLOWFISH_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for Blowfish constants
Rule name:CAS_Malware_Hunting
Create hunting rule
Author:Michael Reinprecht
Description:DEMO CAS YARA Rules for sample2.exe
Rule name:Check_OutputDebugStringA_iat
Create hunting rule
Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerCheck__QueryInfo
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerException__ConsoleCtrl
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:ldpreload
Create hunting rule
Author:xorseed
Reference:https://stuff.rop.io/
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
Rule name:msix_file
Create hunting rule
Author:Stuart Gonzalez
Description:Detection for .msix files
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:pe_no_import_table
Create hunting rule
Description:Detect pe file that no import table
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SEH__vectored
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:SHA512_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA384/SHA512 constants
Rule name:TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE
Create hunting rule
Author:CYFARE
Description:Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:https://cyfare.net/
Rule name:VECT_Ransomware
Create hunting rule
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.
Rule name:WHIRLPOOL_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for WhirlPool constants
Rule name:Win_FakeInstaller_PythonShellcodeLoader_Crepectl_2026
Create hunting rule
Author:SixHands
Description:Detects the analyzed fake installer sample using .key config, XOR key, and Python/fiber shellcode loader traits

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SnappyClient

PowerShell (PS) ps1 0b8423be8dc7d6eaacafdf0f15fe7e901f8c32c628837f0dc18cb1310e4f03a2

SnappyClient

zip 2d0057731544fb858d4f79f4b722816d26980fd9e46fdc4dfb05103231a445d9

(this sample)

  
Link
https://tria.ge/260515-zgzk7afy2t/behavioral1
  
Dropped by
ACRStealer
  
Dropped by
SHA256 0b8423be8dc7d6eaacafdf0f15fe7e901f8c32c628837f0dc18cb1310e4f03a2
  
Delivery method
Distributed via web download
  
Dropped by
MD5 e88710975478541659ed02fb88df8271

Comments