MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6fe2d4ee4f6b9c95e15e45f11b80f83c83d0837d67cf6747bcc9c0b54ccda12c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 12

Intelligence 12 IOCs YARA 10 File information Comments

SHA256 hash:	6fe2d4ee4f6b9c95e15e45f11b80f83c83d0837d67cf6747bcc9c0b54ccda12c
SHA3-384 hash:	c0708864c7af770535ea06ca4475cf13316f65e82f551eacb60ad12979c717423d93d309f4337dc6b4e5e5ec7cdaa0d8
SHA1 hash:	3bfe159cc6b466a67fe9fde3f6cd1e01553eae6b
MD5 hash:	92471f0fe90a994c6d8ce7a0ea0a5682
humanhash:	nevada-glucose-charlie-aspen
File name:	MSVCP140.dll
Download:	download sample
Signature	SnakeKeylogger Create hunting rule
File size:	2'260'992 bytes
First seen:	2025-12-09 13:52:33 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	5edb8b5f08ac87b95a8820c911ffbf51 (1 x SnakeKeylogger)
ssdeep	49152:xmbIJatR2nb6RshpF55JW90Oe9HL/S5VprVr21fSch4NTWe:zbRF5vI0/2VrO+
Threatray	403 similar samples on MalwareBazaar
TLSH	T1ACA58C2297A409F4D6BAC774D5424337C6B078D99370A24B069DD5583FB3AA0AB3FB70
TrID	66.6% (.EXE) InstallShield setup (43053/19/16) 16.2% (.EXE) Win64 Executable (generic) (10522/11/4) 7.7% (.EXE) Win16 NE executable (generic) (5038/12/1) 3.1% (.EXE) OS/2 Executable (generic) (2029/13) 3.0% (.EXE) Generic Win/DOS Executable (2002/3)
Magika	pebin
Reporter	James_inthe_box
Tags:	exe SnakeKeylogger

Intelligence

File Origin

# of uploads :

# of downloads :

140

Origin country :

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/698a582d-114a-44dc-8bed-16848fcbc99c/

Malware family:

n/a

ID:

File name:

_6fe2d4ee4f6b9c95e15e45f11b80f83c83d0837d67cf6747bcc9c0b54ccda12c.dll

Verdict:

No threats detected

Analysis date:

2025-12-09 13:52:41 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/cdbd9190-980c-4acc-bcaf-702240b99e3c

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Snake

Link:

https://www.capesandbox.com/analysis/43992/

Verdict:

Malicious

Score:

91.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=693829e7a675b653bd0f6564

Tags:

emotet shell virus sage

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a custom TCP request

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

adaptive-context fingerprint masquerade microsoft_visual_cc packed

Link:

https://www.filescan.io/uploads/693829cabba50eaf0429bd39/reports/88ea2841-01f0-4e8c-b560-8671272a9eaa/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/6fe2d4ee4f6b9c95e15e45f11b80f83c83d0837d67cf6747bcc9c0b54ccda12c

Verdict:

Malicious

File Type:

dll x64

First seen:

2025-12-09T08:48:00Z UTC

Last seen:

2025-12-11T11:59:00Z UTC

Hits:

~10000

Detections:

Trojan-PSW.Win32.Stealer.sb Trojan-Spy.MSIL.SnakeLogger.sb HEUR:Trojan.Win64.Generic VHO:Trojan.Win64.Agent.gen

Link:

https://opentip.kaspersky.com/6fe2d4ee4f6b9c95e15e45f11b80f83c83d0837d67cf6747bcc9c0b54ccda12c/results?tab=lookup

Malware family:

Snake Keylogger

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/05c5604a-ee78-416b-9055-e7567dfad974

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/6fe2d4ee4f6b9c95e15e45f11b80f83c83d0837d67cf6747bcc9c0b54ccda12c

Verdict:

inconclusive

YARA:

5 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 64 Exe x64

Link:

https://app.malva.re/file/92471f0fe90a994c6d8ce7a0ea0a5682

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6fe2d4ee4f6b9c95e15e45f11b80f83c83d0837d67cf6747bcc9c0b54ccda12c/

Verdict:

Malicious

Threat:

Trojan-Spy.MSIL.SnakeLogger

Link:

https://tip.neiki.dev/file/6fe2d4ee4f6b9c95e15e45f11b80f83c83d0837d67cf6747bcc9c0b54ccda12c

Threat name:

Win64.Trojan.Generic

Status:

Suspicious

First seen:

2025-12-09 11:53:16 UTC

File Type:

PE+ (Dll)

AV detection:

15 of 37 (40.54%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=n7rnj3spnoojlyk6ixyrxahyhsb5ba35m7hwor54zhalktgnuewa._file

Verdict:

malicious

Label(s):

404keylogger

SnakeKeylogger

bf86b9e0be3cf96feba5abe1537ff8607630b4e0753df8c7d627a69341a24fad

SnakeKeylogger

c0baf892597238aa02ccc4fdd3e9d56e2d870d04d933ae67c3463cc3cc3cab7f

SnakeKeylogger

c56eada17d6c1dc11aef7339b2976be7fd74fbc531d1ffe360ee144316681f72

SnakeKeylogger

d227b87922c51c35154529f8374831ca235fbbab48543faf4781119d38f5e88c

SnakeKeylogger

e1b2ff255f455b87e526a051bfb97ba431d1eabde24f0af8a671d6a2615b1298

SnakeKeylogger

error

SnakeKeylogger

+ 393 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/251209-q65n3ahq81/

Behaviour

Suspicious use of WriteProcessMemory

Verdict:

Unknown

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/67fd0743-6a7c-49ab-bbfc-e9d53d7bcfef

Unpacked files

SH256 hash:

6fe2d4ee4f6b9c95e15e45f11b80f83c83d0837d67cf6747bcc9c0b54ccda12c

MD5 hash:

92471f0fe90a994c6d8ce7a0ea0a5682

SHA1 hash:

3bfe159cc6b466a67fe9fde3f6cd1e01553eae6b

Link:

https://www.unpac.me/results/ed05a42d-bb84-4b3a-886c-734043a8e10e/

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerCheck__MemoryWorkingSet Create hunting rule
Author:	Fernando Mercês
Description:	Anti-debug process memory working set size check
Reference:	http://www.gironsec.com/blog/2015/06/anti-debugger-trick-quicky/

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	RIPEMD160_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for RIPEMD-160 constants

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	SHA1_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA1 constants

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/43992/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample