snakekeylogger | 1700-66-0x0000000000400000-0x0000000000426000-memory[.]dmp | Triage

Sharing

General

Target

1700-66-0x0000000000400000-0x0000000000426000-memory.dmp
Size

152KB
MD5

a5648aac5c5c48445f92b41fb8c3b11e
SHA1

5334e052875849f152430a3443eaed4f47213ec7
SHA256

d68d4649319bc51c09b721ac095e70328ac05d78491581f15d26440b74f8aee1
SHA512

c7a3382eae61bd987df77b7c15335904b35677567aa8bd5253ee8813a5f6ea5d291e91fe7f470a81967d48b4b45cb82f50fda2ff99ec973560165e36533b96dd
SSDEEP

3072:cclpEaclJfDuktc9+fb85dXWGwB/U4FbY:SHl+obkAUcb

Score

10^/10

snakekeylogger

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.uccshoes.com
Port:
587
Username:
[email protected]
Password:
sales@123
Email To:
[email protected]

Signatures

Snake Keylogger payload 1 IoCs

resource	yara_rule
sample	family_snakekeylogger

Snakekeylogger family
snakekeylogger

Files

1700-66-0x0000000000400000-0x0000000000426000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ