MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f097265db58ea07710bbc2d2f9e2c0287082cca33a1e4df4e388854ce677ff67. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	f097265db58ea07710bbc2d2f9e2c0287082cca33a1e4df4e388854ce677ff67
SHA3-384 hash:	449d84cbfd745ed71607bf9b948dcc05096cecaf5feeb286fe00a388fe821021177ac8f9cb253c07c53edfef3630b112
SHA1 hash:	cc3077a0140744dd593024310e7660cb40232e38
MD5 hash:	5717afda2159126b9b9f7aefce4497de
humanhash:	virginia-fix-ack-papa
File name:	Dowód Przelewu.bat
Download:	download sample
Signature	SnakeKeylogger Create hunting rule
File size:	3'838 bytes
First seen:	2025-10-07 06:55:57 UTC
Last seen:	Never
File type:	bat
MIME type:	text/x-msdos-batch
ssdeep	96:AslTSkFvWATY1eYYi0sUDQGeTeYYi0RE/57Ym2sv:5hA
Threatray	922 similar samples on MalwareBazaar
TLSH	T1DF8192631E879BCF25C0541851CE78C5B14B823F891F8099EB09A5B15EF2A6CAB36F51
Magika	batch
Reporter	Anonymous
Tags:	bat SnakeKeylogger

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

_f097265db58ea07710bbc2d2f9e2c0287082cca33a1e4df4e388854ce677ff67.txt

Verdict:

No threats detected

Analysis date:

2025-10-07 06:58:07 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/ef4ca9b5-9a5d-4a35-bb8e-8c9bc16c0c2f

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/30923/

Verdict:

Malicious

Score:

91.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68e4b994277c2bd8bc5d43ab

Tags:

obfuscated shell sage

Result

Verdict:

Clean

Maliciousness:

Behaviour

Launching a process

Сreating synchronization primitives

DNS request

Connection attempt

Sending a custom TCP request

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

obfuscated powershell

Link:

https://www.filescan.io/uploads/68e4b99cc74bd2958b163812/reports/85015329-5481-4a9a-925e-371c0f20a939/overview

Verdict:

Malicious

Labled as:

BZC.MNT.Boxter.794

Link:

https://www.hybrid-analysis.com/sample/f097265db58ea07710bbc2d2f9e2c0287082cca33a1e4df4e388854ce677ff67

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-10-06T12:50:00Z UTC

Last seen:

2025-10-08T05:36:00Z UTC

Hits:

~100

Link:

https://opentip.kaspersky.com/f097265db58ea07710bbc2d2f9e2c0287082cca33a1e4df4e388854ce677ff67/results?tab=lookup

Score:

97%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/f097265db58ea07710bbc2d2f9e2c0287082cca33a1e4df4e388854ce677ff67

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f097265db58ea07710bbc2d2f9e2c0287082cca33a1e4df4e388854ce677ff67/

Verdict:

Malicious

Threat:

Trojan.BAT

Link:

https://tip.neiki.dev/file/f097265db58ea07710bbc2d2f9e2c0287082cca33a1e4df4e388854ce677ff67

Threat name:

Win32.Trojan.Egairtigado

Status:

Malicious

First seen:

2025-10-06 19:39:46 UTC

File Type:

Text (Batch)

AV detection:

10 of 24 (41.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=6clsmxnvr2qhoef3yljptywafbyiftfdhipe35hdrccuzztx75tq._file

Verdict:

malicious

Label(s):

donut_injector

404keylogger

SnakeKeylogger

0c832defb42fbc43ad391e311acec263403ca019aebe826ed9fbe84d76d5d2de

SnakeKeylogger

b50f8ce45465bd38523ad8924db0c9d0c940b0d739249494fa8feb7dce8f6547

SnakeKeylogger

error

SnakeKeylogger

+ 912 additional samples on MalwareBazaar

Result

Malware family:

snakekeylogger

Score:

10/10

Tags:

family:donutloader family:snakekeylogger execution keylogger loader stealer

Link:

https://tria.ge/reports/251007-hqk1qavkt2/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Drops file in System32 directory

Command and Scripting Interpreter: PowerShell

Looks up external IP address via web service

Executes dropped EXE

Badlisted process makes network request

Detects DonutLoader

DonutLoader

Donutloader family

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Malware Config

Dropper Extraction:

https://files.catbox.moe/awt3hq.txt

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/f097265db58ea07710bbc2d2f9e2c0287082cca33a1e4df4e388854ce677ff67

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/30923/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample