snakekeylogger | 1460-78-0x0000000000400000-0x0000000000426000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1460-78-0x0000000000400000-0x0000000000426000-memory.dmp
Size

152KB
MD5

ac067e40a5e92f8a7a2e1a428b03d88a
SHA1

3e929b8f8fd69c5b68f273e78aa9bb26b8719b73
SHA256

280b06240c8e2616a70092d6ea75b883d4ccb5fffa3b956d4f551c9f54fe5595
SHA512

773cc417cf9f230ebea33d79220086b371996155b053ae7cc6849e97b39e68c123855931cb333cabfed027b805c39d84b58dd5f841efec4184635141fa44ddce
SSDEEP

3072:vJ1b8pTzt/+sOKecxIM6Iwb87tLdwBB8:v8pnYZcxd67bAt68

Score

10^/10

snakekeylogger

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.eculantltd.me
Port:
587
Username:
[email protected]
Password:
mirdavfav161921

Signatures

Snake Keylogger payload 1 IoCs

resource	yara_rule
sample	family_snakekeylogger

Snakekeylogger family
snakekeylogger

Files

1460-78-0x0000000000400000-0x0000000000426000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ