snakekeylogger | 04745ac4f36815aa9af2f5436c124b59[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04745ac4f36815aa9af2f5436c124b59.exe
Size

470KB
MD5

04745ac4f36815aa9af2f5436c124b59
SHA1

19f3943f796f606f9a87bcc448f9b339d001296f
SHA256

7bd6fd45434b472102b1deebcdf02410a0dc297c250d04ff9dd8418285183874
SHA512

5dc2ad15457d46f0ec1b4688cde8c777dcaf00699a12cf1d9c993501163f3e9af38ea548dbee709c6aa5d76961b3e2ba1b250bd770feaae8b1d8dcb43ce1c895
SSDEEP

12288:rk3E3HDei3oXA2jCXgXLz/HQOqzjW/Nh:rkU3Hq6oXA2jBXHnqzjG

Score

10^/10

snakekeylogger

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: ftp
Host:
ftp://194.31.98.108/
Port:
21
Username:
fjghfgjhf2
Password:
fkgfgjfkgfg

Signatures

Snake Keylogger payload 1 IoCs

resource	yara_rule
sample	family_snakekeylogger

Snakekeylogger family
snakekeylogger

Files

04745ac4f36815aa9af2f5436c124b59.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 467KB - Virtual size: 467KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ