snakekeylogger | 560-66-0x00000000003A0000-0x00000000003C6000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

560-66-0x00000000003A0000-0x00000000003C6000-memory.dmp
Size

152KB
MD5

68fbd49ebb0d057b49851f4896773320
SHA1

6e9b15718691e87f7eed3ca356488801fc7a0f95
SHA256

7612674925a45bd3432bd061d280a4be07d6c8a9b2b59387141f0655cd8714bc
SHA512

ef3ae1e3ec484e47827d89ce19804c8677a1b641ee59be1ec1db2518f5fb593c6d712df8c27a130185106bf57e5e0126366d812f086b3fb9fb961cd670b95c45
SSDEEP

3072:V8fZCYrYNJ3jpxlTvmESbDB2Wb8Ry3wBjOXFbYd:9YrY73jpfUMWbO3O1b

Score

10^/10

snakekeylogger

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.alwethba.com
Port:
587
Username:
[email protected]
Password:
BI21Awe7zW
Email To:
[email protected]

C2

https://api.telegram.org/bot5814180506:AAFpVfxl9CBszzsUeg8FTylBwiTKUc4g3lA/sendMessage?chat_id=5056270248

Signatures

Snake Keylogger payload 1 IoCs

resource	yara_rule
sample	family_snakekeylogger

Snakekeylogger family
snakekeylogger

Files

560-66-0x00000000003A0000-0x00000000003C6000-memory.dmp
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ