MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 78ae05e4fa25ebe63c5368f050f53c0b363cf110e184be1d5d6646465c0c1cf5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 13


Intelligence 13 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 78ae05e4fa25ebe63c5368f050f53c0b363cf110e184be1d5d6646465c0c1cf5
SHA3-384 hash: dc0c7522e2c765fdef0f748a228bd16d024d05984c628e9799d38408473696b173117e8719bcdcc35d82113c49efe691
SHA1 hash: 6ad512e0dbaa3af6492719ce647295d45d932e97
MD5 hash: d2af5b60891ec9447f9b0a77df7263fe
humanhash: uncle-ink-crazy-mango
File name:kindly quote your best price for the listed goods..exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:954'880 bytes
First seen:2025-07-02 14:40:37 UTC
Last seen:2025-07-02 14:44:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 12288:fkJ+UxlhWwfEJUJnvBo/8V7uglUbd46f+dK0RowVI3F/thH3JJZaWiMiIvSBQiIr:4lkwaUJu/8B7Ue6c1Zo/vtgySiiUt
Threatray 3'310 similar samples on MalwareBazaar
TLSH T1C215D02932DCAA41E07A5BB845B4E13027F9794D642BE34D8DC228D33EB6B414B1B75F
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10522/11/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
Reporter James_inthe_box
Tags:exe SnakeKeylogger

Intelligence

File Origin
# of uploads :
2
# of downloads :
32
Origin country :
US US
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/12038/
Detection(s):
SecuriteInfo.com.Win32.MalwareX-gen.13782.16799.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68654508c9eb9747376573b0
Tags:
backdoor virus msil
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Restart of the analyzed sample
Creating a file
Сreating synchronization primitives
DNS request
Connection attempt
Sending an HTTP GET request
Sending a custom TCP request
Reading critical registry keys
Stealing user critical data
Forced shutdown of a browser
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated packed packed vbnet
Link:
https://www.filescan.io/uploads/68654509714e106cecb9f81c/reports/a28bbde0-4519-4244-96e7-6929b306770e/overview
Verdict:
Malicious
Labled as:
Genie8DN.Generic
Link:
https://www.hybrid-analysis.com/sample/78ae05e4fa25ebe63c5368f050f53c0b363cf110e184be1d5d6646465c0c1cf5
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/60cba980-5527-4aac-b0c5-e832c8679484
Score:
99%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/78ae05e4fa25ebe63c5368f050f53c0b363cf110e184be1d5d6646465c0c1cf5
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) Win 32 Exe x86
Link:
https://app.malva.re/file/d2af5b60891ec9447f9b0a77df7263fe
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/78ae05e4fa25ebe63c5368f050f53c0b363cf110e184be1d5d6646465c0c1cf5/
Threat name:
ByteCode-MSIL.Backdoor.njRAT
Create hunting rule
Status:
Malicious
First seen:
2025-07-02 02:46:47 UTC
File Type:
PE (.Net Exe)
Extracted files:
18
AV detection:
20 of 24 (83.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pcxalzh2exv6mpctndyfb5j4bm3dz4iq4gcl4hk5mzdemxamdt2q._file
Verdict:
malicious
Label(s):
vipkeylogger
Create hunting rule
unc_loader_037
Create hunting rule
Similar samples:
1c015ce771fcaf5114418dda8f33c9d357e64de65c2ad89ba2088883a67af9b6
SnakeKeylogger
52e613978faf4b534d0864a6125d73767b06319e9adaf7d42075527e2b52b3fe
SnakeKeylogger
b87da989bc58c277f819b39884a1a5097c6e55cc522cd482f1db530f10c38ed2
SnakeKeylogger
b8df5ca9ec2fbb02bebddb499f4c1a966bf9da4581e68eeca99a195dbd94f4fb
SnakeKeylogger
error
SnakeKeylogger
+ 3'300 additional samples on MalwareBazaar
Result
Malware family:
vipkeylogger
Create hunting rule
Score:
  10/10
Tags:
family:vipkeylogger collection discovery keylogger spyware stealer
Link:
https://tria.ge/reports/250702-r2g8msak4x/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Reads user/profile data of local email clients
Reads user/profile data of web browsers
VIPKeylogger
Vipkeylogger family
Malware Config
C2 Extraction:
https://api.telegram.org/bot8048501078:AAGQBM723PtPZdAcYNixiXjYQjN2ziFVeME /sendMessage?chat_id=6847813968
Verdict:
Malicious
Tags:
404Keylogger
YARA:
n/a
Link:
https://app.threat.zone/submission/74d0fc58-2c88-47e3-9081-d5e07054b470
Unpacked files
SH256 hash:
78ae05e4fa25ebe63c5368f050f53c0b363cf110e184be1d5d6646465c0c1cf5
MD5 hash:
d2af5b60891ec9447f9b0a77df7263fe
SHA1 hash:
6ad512e0dbaa3af6492719ce647295d45d932e97
Link:
https://www.unpac.me/results/1d292875-bb6d-4e7c-8cac-b1493cbc95cc/
SH256 hash:
d4ab8651dada2371f5278780ed73816bf04096816f4ae71e520062f54b9914ad
MD5 hash:
749ea747be2cd83d02bb97f842fde776
SHA1 hash:
390aa57b6938baa2ce12adecb0534e7332e11f38
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24
Create hunting rule
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/1d292875-bb6d-4e7c-8cac-b1493cbc95cc/
SH256 hash:
5e269c2e8062909b1028df7a0a5e442c579d0dff289bc883ab940874f8366dae
MD5 hash:
90042fa15925e83a6a4f816b64b03f78
SHA1 hash:
6823153b503b6228d8dfb4483444f3a4468559be
Detections:
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
INDICATOR_EXE_Packed_SmartAssembly
Create hunting rule
Link:
https://www.unpac.me/results/1d292875-bb6d-4e7c-8cac-b1493cbc95cc/
Parent samples :
5d5edf2c80c6c8c6a6619d4ee719e7af084d544dc303e4ec601d9f46adfabb14
889709cbd7fadea06caaf9533dcfc8690ec229396771cd9e963268fcbdbec865
ae8300b8080e4aabaa7b31f7035848a10ad59f180a823b8ba9ba63441ba8bca5
05ddfe68f52650bb4edf167f1e37883c77dced2d90b57e4cad1d8e640dbf81bd
78ae05e4fa25ebe63c5368f050f53c0b363cf110e184be1d5d6646465c0c1cf5
c5b8dcac999dedc765dd0d39bd6ecf08edd6151819c0affb56156706f2d71d22
SH256 hash:
e870e4e03b5cb757608452990d8a6b6debee98285dbaa013ea8e83164dfc5e8a
MD5 hash:
6bd02360cc49d8d7f91de35779aa1d92
SHA1 hash:
8a8683c6ee9361148cbc391636c64c856fded106
Detections:
win_404keylogger_g1
Create hunting rule
MAL_Envrial_Jan18_1
Create hunting rule
INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_DotNetProcHook
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_TelegramChatBot
Create hunting rule
Link:
https://www.unpac.me/results/1d292875-bb6d-4e7c-8cac-b1493cbc95cc/
Parent samples :
78ae05e4fa25ebe63c5368f050f53c0b363cf110e184be1d5d6646465c0c1cf5
4350dbe482fb5195748203ebc618d6b2f88218b02e4183e203dedebe7e0e94ef
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/78ae05e4fa25ebe63c5368f050f53c0b363cf110e184be1d5d6646465c0c1cf5

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/12038/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments