snakekeylogger | 1468-63-0x0000000000400000-0x0000000000426000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1468-63-0x0000000000400000-0x0000000000426000-memory.dmp
Size

152KB
MD5

a37ca57c9adf7ff48125a0cdbe34d122
SHA1

33257f676a0a052e363e75102f4b8e3878ef8619
SHA256

6063033ff884916c51574740c843f20cc28698f9d03f407d2a61b3693fda7e60
SHA512

38dcd35f9bc94badb3e65b6fc1b50321ff071d6931faed3f06cec2c1d9ae2e9c62e24918ba90fe2f2a93952273283c2f8aeb58794ffc92fdbee29c11a160b642
SSDEEP

1536:whVtqTNgZhXf+yHCJE+vBUFrlYYYIkGZZXhzrCdy8MF/i7p9bwiJb/U7+Gti7JCg:whVtICPZHCaYIC7p9Lb8iNkwB4U

Score

10^/10

snakekeylogger

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: ftp
Host:
ftp://ftp.cleaningagent.xyz/
Port:
21
Username:
[email protected]
Password:
7Du;up=},e4J

Signatures

Snake Keylogger payload 1 IoCs

resource	yara_rule
sample	family_snakekeylogger

Snakekeylogger family
snakekeylogger

Files

1468-63-0x0000000000400000-0x0000000000426000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ