snakekeylogger | 652-65-0x0000000000400000-0x0000000000426000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

652-65-0x0000000000400000-0x0000000000426000-memory.dmp
Size

152KB
MD5

433bd81091d736714dc54ce95da378e2
SHA1

283c5d21f5d921ce16076f07e74e81a248f108c4
SHA256

01bff8f1247c561ceef07c5b96d9b33b881e760ef4ca1a8d27b492267ef77000
SHA512

7487f943462d30adf1af4df73859f01494698aa9be0421042c31e0a06239c99c6c16242c85380b7f4aa8bf8d584ae1c8b6e4947ae59d106f0970fd616f7c12d8
SSDEEP

1536:dNUE71Ms1fUZWTYaPTyFXs5I/41ggb/UOXtIpiOWBm:dNUESs6ZWTYaPT4/41Hb8oKwBm

Score

10^/10

snakekeylogger

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
kiamotors-khyber.com
Port:
587
Username:
[email protected]
Password:
ha(3,DhB$f}P1w
Email To:
[email protected]

Signatures

Snake Keylogger payload 1 IoCs

resource	yara_rule
sample	family_snakekeylogger

Snakekeylogger family
snakekeylogger

Files

652-65-0x0000000000400000-0x0000000000426000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ