MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b234827824cb6864880f9bcf498b15a4a15511e541906347af53f0cd5ed60290. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 19


Intelligence 19 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b234827824cb6864880f9bcf498b15a4a15511e541906347af53f0cd5ed60290
SHA3-384 hash: 17a7fcf5698e1448e74cd523862a468de2fda85a03b656e722c0fa4b6e608b1face7885325c5b835b862e74a7bf12bc9
SHA1 hash: 1addbe3006ee3b5a07f3b04524e06c416f82c4ca
MD5 hash: 19f0e2cdf3af08383e538e885a78f9d5
humanhash: november-nuts-william-tennessee
File name:b234827824cb6864880f9bcf498b15a4a15511e541906347af53f0cd5ed60290
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:541'184 bytes
First seen:2025-10-14 11:04:30 UTC
Last seen:2025-11-06 10:12:16 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'746 x AgentTesla, 19'628 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:Lk4vN8uFR9btQC6PoZ+yH2njSaQGr1dO/sT0gax:w4l95soZ+yWjSArKs6
Threatray 1'201 similar samples on MalwareBazaar
TLSH T178B4230CBF94D610C34C4AFFC892191402FBD1AAF55AF89B1AED18A31D6695CC6CFE52
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10522/11/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
Reporter JAMESWT_WT
Tags:exe SnakeKeylogger webmail-ki-lojaobrinquedos-com-br

Intelligence

File Origin
# of uploads :
2
# of downloads :
92
Origin country :
IT IT
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
b234827824cb6864880f9bcf498b15a4a15511e541906347af53f0cd5ed60290
Verdict:
Malicious activity
Analysis date:
2025-10-14 11:13:48 UTC
Tags:
evasion snake keylogger stealer
Link:
https://app.any.run/tasks/2bef2893-01d8-4abc-9f9e-efe0d886c859

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Snake
Create hunting rule
Link:
https://www.capesandbox.com/analysis/32662/
Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68ee2e8104e22ce9acd9ec15
Tags:
virus micro msil
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Restart of the analyzed sample
Creating a file
Сreating synchronization primitives
DNS request
Connection attempt
Sending an HTTP GET request
Sending a custom TCP request
Reading critical registry keys
Stealing user critical data
Forced shutdown of a browser
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
obfuscated obfuscated packed packed packer_detected vbnet
Link:
https://www.filescan.io/uploads/68ee2e8671883144ef363084/reports/77723b9a-6374-4045-a1fb-f51e9dae1868/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/b234827824cb6864880f9bcf498b15a4a15511e541906347af53f0cd5ed60290
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-10-09T01:58:00Z UTC
Last seen:
2025-10-15T12:29:00Z UTC
Hits:
~1000
Detections:
Trojan.MSIL.Taskun.sb Trojan.MSIL.Inject.sb Trojan.MSIL.Crypt.sb HEUR:Trojan-Spy.MSIL.SnakeLogger.gen Trojan-Spy.MSIL.SnakeLogger.sb Trojan-PSW.Win32.Stealer.sb HEUR:Trojan-Spy.MSIL.Agent.sb Trojan-Spy.Agent.SMTP.C&C Trojan.Crypt.TCP.ServerRequest PDM:Trojan.Win32.Generic
Link:
https://opentip.kaspersky.com/b234827824cb6864880f9bcf498b15a4a15511e541906347af53f0cd5ed60290/results?tab=lookup
Malware family:
Snake Keylogger
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a97a6d0b-7fb5-46f1-ab1e-4a5de38ffb26
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/b234827824cb6864880f9bcf498b15a4a15511e541906347af53f0cd5ed60290
Verdict:
inconclusive
YARA:
10 match(es)
Tags:
.Net Executable Managed .NET PE (Portable Executable) PE File Layout SOS: 0.35 Win 32 Exe x86
Link:
https://app.malva.re/file/19f0e2cdf3af08383e538e885a78f9d5
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b234827824cb6864880f9bcf498b15a4a15511e541906347af53f0cd5ed60290/
Verdict:
Malicious
Threat:
Family.SNAKE
Link:
https://tip.neiki.dev/file/b234827824cb6864880f9bcf498b15a4a15511e541906347af53f0cd5ed60290
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-10-09 08:13:28 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
18 of 24 (75.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wi2ie6beznugjcaptphutcyvusqvkepfigiggr5pkpym2xwwakia._file
Verdict:
malicious
Label(s):
unc_loader_037
Create hunting rule
404keylogger
Create hunting rule
Similar samples:
0cfce3e53dcdb056caf79f5cdb13fbe512e824945e5e1ee09b241cef476ff971
SnakeKeylogger
2070b6a77033379af1fa65bcbb203b62d0b953577d18d01553e76c5f8cf8d24c
SnakeKeylogger
9cb0848b2a33dbaacfcbfbc734430161d65a3408e66ef4b369a9f3139a3e1b3c
SnakeKeylogger
b84cedac3e5e517eae4d37b6add577fd766dcf5626d75a307a04f88c461edf9b
SnakeKeylogger
+ 1'191 additional samples on MalwareBazaar
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger collection discovery keylogger spyware stealer
Link:
https://tria.ge/reports/251014-m6921ahm9v/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Program crash
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Snake Keylogger payload
Snakekeylogger family
Verdict:
Malicious
Tags:
404Keylogger
YARA:
n/a
Link:
https://app.threat.zone/submission/868ea18a-9ea5-4a68-b230-ff9c67a734a4
Unpacked files
SH256 hash:
b234827824cb6864880f9bcf498b15a4a15511e541906347af53f0cd5ed60290
MD5 hash:
19f0e2cdf3af08383e538e885a78f9d5
SHA1 hash:
1addbe3006ee3b5a07f3b04524e06c416f82c4ca
Link:
https://www.unpac.me/results/6848016b-066d-44e2-a2eb-e5b32b6797a8/
SH256 hash:
cc2b98223c9dcaf35c31d2eb743780aa3ea50177043e82633dda11aa7b7ff66b
MD5 hash:
014ace331af3642ddb3d3aa754e94950
SHA1 hash:
2ee54a101d1817ffdf1154d6bc19a7fa6db81c97
Link:
https://www.unpac.me/results/6848016b-066d-44e2-a2eb-e5b32b6797a8/
SH256 hash:
f9eda741e36de984f5764c76429ada284101b74abba47b708ac175c49f8227fe
MD5 hash:
48e1fdaf7662517c4e0f968966d4d7b0
SHA1 hash:
6320e1973e714027f3d4280c125ff36f51848f81
Detections:
win_404keylogger_g1
Create hunting rule
snake_keylogger
Create hunting rule
MAL_Envrial_Jan18_1
Create hunting rule
INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_DotNetProcHook
Create hunting rule
MALWARE_Win_SnakeKeylogger
Create hunting rule
Link:
https://www.unpac.me/results/6848016b-066d-44e2-a2eb-e5b32b6797a8/
Parent samples :
2ed366c595c98fbfe00e692f6d7e06dd237bc2fce08070b610e220083bdb1fe4
f9eda741e36de984f5764c76429ada284101b74abba47b708ac175c49f8227fe
b234827824cb6864880f9bcf498b15a4a15511e541906347af53f0cd5ed60290
adbd8b904ab4bea6ff62fa51f68c11a1d1593fca88c8f556510f6a2764d98490
91be01581d30136fc1d54926fb6fee17beb10959dae4ff07c9808c0244cce25c
8e95907c0b65f2f882de4d6bf69e0b62bf6ea0be2a87e5cc0ffa535fad492264
74bfc0967b1636ed58fbfc95523775dbef1e084910676b1e13a775095fec013e
626a21b142572a7729f9ee6746af1a1b21378e2f2457f8bfce9bdbe7d1fbe136
4255224f9842c7cb47d5d5d488d2f45674ac540f2b4652618dd2153acd3cd151
27af0f60f3069416ee2be26ee18589448518135832e18ae26e867a95d22d8065
324fcd15e9d6f1b0991ad5943a3178031c608d872cb810eeef48f11295490d6f
5b51788ca1b5ba91fd6f120c8264ea6ca4ae45db3dce9079f741d4e90d7dd341
SH256 hash:
94ce93190e512012ddc9762a0352941535c91507d56a31f2a7d69537920fc954
MD5 hash:
99bda7059719ef0f776b159102614b78
SHA1 hash:
cf94a6da97577a14f955859a171534ced10ab6d5
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24
Create hunting rule
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/6848016b-066d-44e2-a2eb-e5b32b6797a8/
Malware family:
SnakeKeylogger
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/b234827824cb/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b234827824cb6864880f9bcf498b15a4a15511e541906347af53f0cd5ed60290

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/32662/

Comments