snakekeylogger | 1400-65-0x0000000000400000-0x0000000000426000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1400-65-0x0000000000400000-0x0000000000426000-memory.dmp
Size

152KB
MD5

e4af845be2ba711b964c1b48cc0a65ef
SHA1

3940677880aed64ccf9920dd4904a2d05c71fee2
SHA256

28ff2878f2e31ebec6c1c1535175e5d9282b3fe14436b49c2a2048ad157cb9d2
SHA512

1c90ddf1c3ae42e7474d23c209d7ca92bce020a4c5179e9465da85ec8692250b34b30c07b9bf01e3ac6599db20d1b070e39157d11144e45a8a7f359feaf78ddc
SSDEEP

1536:pp/tRIG7yShXvFh2+vBUFrlYYWZIkKxtmBvTClcWMFBst02Gb/UrQU0W3piOWBIQ:pp/teahvFUWZIztRGb8bP5wBI8KFbY

Score

10^/10

snakekeylogger

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
shivamdevansh.com
Port:
587
Username:
[email protected]
Password:
=BW-fBRnJV%Y

Signatures

Snake Keylogger payload 1 IoCs

resource	yara_rule
sample	family_snakekeylogger

Snakekeylogger family
snakekeylogger

Files

1400-65-0x0000000000400000-0x0000000000426000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ