snakekeylogger | 2fc0000[.]aspnet_compiler[.]exe | Triage

Sharing

General

Target

2fc0000.aspnet_compiler.exe
Size

127KB
MD5

9d373250203a9ecdd4672cf9b4c5cdb2
SHA1

bca8a12717afe6ae4768064f381eb10ffe6393ae
SHA256

0ce43081f8d636aa33f55419d695494bb52bed729c0f770a8346ed85b0d34651
SHA512

80a38962a7b48263e35b433243cb38d103f8119085cba8ca0e38d538e836c5543a1ae16ba20e9327f4533d2fafec230ad04e0f65f5a11a64ff63a40c5809b1cc
SSDEEP

1536:C6oKEiasi4uWHIi1PTvYmbGUqMFMJptxpb/UJ9csVpmJHpiOWB8IF0Kcl:C6ot3s9xHIi1PTVGqFM9/b8KwB8IFbY

Score

10^/10

snakekeylogger

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: ftp
Host:
ftp://185.216.71.84/
Port:
21
Username:
blessed
Password:
!!@@##$$%%^^

Signatures

Snake Keylogger payload 1 IoCs

resource	yara_rule
sample	family_snakekeylogger

Snakekeylogger family
snakekeylogger

Files

2fc0000.aspnet_compiler.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ