snakekeylogger | 624-63-0x0000000000400000-0x0000000000426000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

624-63-0x0000000000400000-0x0000000000426000-memory.dmp
Size

152KB
MD5

d20c71f67e79a4c4ef2494e3577198e0
SHA1

15b416339f579e465417d765bfe89c5505ebf382
SHA256

f0e82829d5f3d1bc3f733c7125b6a28a4e424919beb5d0b63fbf056c91740f76
SHA512

6ca215cfef97a3f9e5cbe79c3f109cc95bb353d7d0f5b8c18fee21c2d0eca5f792ca18620a976e6c46cfe66045f7efdc5fca5791fee8932db8b937b6c7de80f1
SSDEEP

1536:e1phd3jpizenuasWmel12Px1MFa3hO7ympb/Uzcr+vf+zpiOWB/2:uphd3N+Iu8jl12Pfmjb8zf+dwB/2

Score

10^/10

snakekeylogger

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
smtp.ansssen.com
Port:
587
Username:
[email protected]
Password:
zbE$)Q^6

Signatures

Snake Keylogger payload 1 IoCs

resource	yara_rule
sample	family_snakekeylogger

Snakekeylogger family
snakekeylogger

Files

624-63-0x0000000000400000-0x0000000000426000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ