snakekeylogger | 1216-59-0x0000000000400000-0x000000000045A000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1216-59-0x0000000000400000-0x000000000045A000-memory.dmp
Size

360KB
MD5

e116eece53662acfde2aaca1fcbaf4ee
SHA1

30cfcc6165470b1df65539e0dc6dabcb3b843596
SHA256

2078d00433de6f18a8517dc211fad988fadcbca5e0478428063068185e416786
SHA512

85a776458bf88b5c760fd3d3d2c41bd0615e4b215203d32040a27ce1b4cebdad5a7e2a1f3c719e15af90d49768e2d893cc35b0fb54990d344d54431082d084ec
SSDEEP

3072:Q/ethz6xGUvIk/CLatG6Ueb8QeDTHsfBcd:pZ6Yk0tkb2Hx

Score

10^/10

snakekeylogger

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.toyotadelpilar.com
Port:
587
Username:
[email protected]
Password:
z147258369
Email To:
[email protected]

Signatures

Snake Keylogger payload 1 IoCs

resource	yara_rule
sample	family_snakekeylogger

Snakekeylogger family
snakekeylogger

Files

1216-59-0x0000000000400000-0x000000000045A000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ