MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e5ad5fef24f10971813d5df1009010467f59a46e7934cb188709e4e9b973c3c4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 19


Intelligence 19 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e5ad5fef24f10971813d5df1009010467f59a46e7934cb188709e4e9b973c3c4
SHA3-384 hash: 5d51fbee6a84e095ae2ac79c7232aa4819defb71a9e19745f2ae2000804168163c4a32bf2b61ab242d6e37521c313600
SHA1 hash: ad31124becbaa81b9d47e164fb8d6f695533b62e
MD5 hash: b8bd80bad556e49a22ebaabf4d8efcc5
humanhash: golf-summer-king-foxtrot
File name:e5ad5fef24f10971813d5df1009010467f59a46e7934cb188709e4e9b973c3c4
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:524'296 bytes
First seen:2025-12-08 15:58:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'598 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 6144:/172V1qjwZyKJNRV0/yQASHSUWKo2knLwp/kpM4vTRA98UOG8vD4bB5iEl7QnO9C:wEKn0/yQRpWjzwpadVG6vUbB41O9r7kR
Threatray 40 similar samples on MalwareBazaar
TLSH T1D3B412B18B28D90BE6657BF10875E331B3345E8EA221C76659FEDCDF3A40B5069443B2
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10522/11/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
Reporter adrian__luca
Tags:exe SnakeKeylogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
HU HU
Vendor Threat Intelligence
Malware configuration found for:
RoboSki
Details
Link:
https://research.acce.ciphertechsolutions.com/results/28506a95-842a-4614-aaef-3c37886afe8c/
Malware family:
n/a
ID:
1
File name:
e5ad5fef24f10971813d5df1009010467f59a46e7934cb188709e4e9b973c3c4
Verdict:
Malicious activity
Analysis date:
2025-12-09 04:46:05 UTC
Tags:
auto-sch-xml evasion snake keylogger
Link:
https://app.any.run/tasks/5c5beee8-899e-4700-a063-bcae38416c78

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Snake
Create hunting rule
Link:
https://www.capesandbox.com/analysis/43775/
Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6936f65edb58e1a2c22b9c03
Tags:
shell sage msil
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
DNS request
Сreating synchronization primitives
Creating a file in the %AppData% directory
Enabling the 'hidden' option for recently created files
Adding an access-denied ACE
Creating a process with a hidden window
Creating a file in the %temp% directory
Launching a process
Unauthorized injection to a recently created process
Restart of the analyzed sample
Creating a file
Connection attempt
Sending an HTTP GET request
Sending a custom TCP request
Running batch commands
Adding an exclusion to Microsoft Defender
Enabling autorun by creating a file
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
expired-cert invalid-signature krypt packed signed snakekeylogger vbnet
Link:
https://www.filescan.io/uploads/6936f5dfd12d1c79d42ad77c/reports/623a0b99-c793-4b9c-8e9b-af486a154f57/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/e5ad5fef24f10971813d5df1009010467f59a46e7934cb188709e4e9b973c3c4
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-11-27T00:21:00Z UTC
Last seen:
2025-12-10T07:48:00Z UTC
Hits:
~1000
Link:
https://opentip.kaspersky.com/e5ad5fef24f10971813d5df1009010467f59a46e7934cb188709e4e9b973c3c4/results?tab=lookup
Malware family:
Snake Keylogger
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/463c994c-0b8a-4654-ac53-a20671577eaf
Score:
85%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/e5ad5fef24f10971813d5df1009010467f59a46e7934cb188709e4e9b973c3c4
Verdict:
inconclusive
YARA:
10 match(es)
Tags:
.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.15 Win 32 Exe x86
Link:
https://app.malva.re/file/b8bd80bad556e49a22ebaabf4d8efcc5
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e5ad5fef24f10971813d5df1009010467f59a46e7934cb188709e4e9b973c3c4/
Threat name:
ByteCode-MSIL.Trojan.SnakeKeylogger
Create hunting rule
Status:
Malicious
First seen:
2025-11-27 03:19:26 UTC
File Type:
PE (.Net Exe)
Extracted files:
8
AV detection:
19 of 24 (79.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4wwv73ze6eexdaj5lxyqbeaqiz7vtjdope2mwgehbhsotoltypca._file
Verdict:
malicious
Label(s):
404keylogger
Create hunting rule
Similar samples:
60203c6af96861965a089eb2c9aa70ffca1a5dfee35a369e77ad3f17896a8ce3
SnakeKeylogger
87c9b23d3ac3e48910f9d204708f95d337fab4161b5fc8a9a32735cfe7b8d83d
SnakeKeylogger
93d8f58337eb1309d7fadafe6707dde3a7d20d65870d05a689b3c2f264e61193
SnakeKeylogger
e11a0dcca950c7f8db943cd71e152257264d9cdfdb0a8ddf23b5e9ebe07daa4f
SnakeKeylogger
f7f0d0bcd56c2b929b687aa0c15305be4f71495d0b1ce5609fed155ddb0c016c
SnakeKeylogger
+ 30 additional samples on MalwareBazaar
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger discovery execution keylogger persistence stealer
Link:
https://tria.ge/reports/251208-tfbvvaen51/
Behaviour
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
SmartAssembly .NET packer
Suspicious use of SetThreadContext
Looks up external IP address via web service
Checks computer location settings
Executes dropped EXE
Command and Scripting Interpreter: PowerShell
Snake Keylogger
Snake Keylogger payload
Snakekeylogger family
Verdict:
Malicious
Tags:
404Keylogger
YARA:
n/a
Link:
https://app.threat.zone/submission/ead869bb-3a8b-4239-b291-7199f7a0017a
Unpacked files
SH256 hash:
c3e4867ae04680256a60469acb9857aeb6fde66e4fd4e5d417ac2d494bf70076
MD5 hash:
32ec352cb77179c637dcd9ab3434e4bb
SHA1 hash:
22350403f0f3fa968af12bccbe2b2c9854e52205
Link:
https://www.unpac.me/results/38d70ed0-0776-4835-9884-74fcd6828e6f/
SH256 hash:
53061f463cc43053a070b517678e8ad79e823490d204c0013eab06e264800fac
MD5 hash:
dfcf0c21eb9240b154b0a1c68fd464c5
SHA1 hash:
295d7d5fe4b97e323d5e07bb8298b2b87c05543d
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24
Create hunting rule
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/38d70ed0-0776-4835-9884-74fcd6828e6f/
SH256 hash:
77cc5e512fb208b3709a43538a3a24cbcfd05aafc973d3aff8c904fdadbe7c6c
MD5 hash:
0cd8ef984d1560e6222f1decf12aa33e
SHA1 hash:
462f86f1545d155074c7654e081ed65e811da1f9
Detections:
win_404keylogger_g1
Create hunting rule
snake_keylogger
Create hunting rule
MAL_Envrial_Jan18_1
Create hunting rule
INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_DotNetProcHook
Create hunting rule
MALWARE_Win_SnakeKeylogger
Create hunting rule
Link:
https://www.unpac.me/results/38d70ed0-0776-4835-9884-74fcd6828e6f/
Parent samples :
60203c6af96861965a089eb2c9aa70ffca1a5dfee35a369e77ad3f17896a8ce3
e5ad5fef24f10971813d5df1009010467f59a46e7934cb188709e4e9b973c3c4
4de3da2145094b2d623f289bb59e0315edaa2a4820603e1b0384d96da159484c
c9aa4d63ebfcc0345c125489766dd245a348a3f2c0ce15420a8103053237ef1a
36d699808361bcf77a1147c09dc4df6319b7bbf670814ab1f882bc2668fc11c0
SH256 hash:
e5ad5fef24f10971813d5df1009010467f59a46e7934cb188709e4e9b973c3c4
MD5 hash:
b8bd80bad556e49a22ebaabf4d8efcc5
SHA1 hash:
ad31124becbaa81b9d47e164fb8d6f695533b62e
Link:
https://www.unpac.me/results/38d70ed0-0776-4835-9884-74fcd6828e6f/
Malware family:
SnakeKeylogger
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/e5ad5fef24f1/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e5ad5fef24f10971813d5df1009010467f59a46e7934cb188709e4e9b973c3c4

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_KB_CERT_7c1118cbbadc95da3752c46e47a27438
Create hunting rule
Author:ditekSHen
Description:Detects executables signed with stolen, revoked or invalid certificates
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/43775/

Comments