snakekeylogger | 2000-60-0x0000000005040000-0x00000000050BC000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2000-60-0x0000000005040000-0x00000000050BC000-memory.dmp
Size

496KB
MD5

ff575b4ae2880765a12bec2a221d1b0c
SHA1

ccb5cd0885dd28c4ee2dcae6f8796856ef96ef29
SHA256

684229a7640ad69c6386374fe2b82429c37405a211d8efb482f900502dd223a6
SHA512

4d75f65a4d497b1d8afd602f22d64f6aa2842113f9ed405cf6fb9b26ac1b5587b4b092914b6e8f6859de140538ee7a406a0801d91f712aace64cb62d9e5d3530
SSDEEP

12288:rk3E3HDei3oXA2jCXgXLz/HQOqzjW/Nh:rkU3Hq6oXA2jBXHnqzjG

Score

10^/10

snakekeylogger

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: ftp
Host:
ftp://194.31.98.108/
Port:
21
Username:
fjghfgjhf2
Password:
fkgfgjfkgfg

Signatures

Snake Keylogger payload 1 IoCs

resource	yara_rule
sample	family_snakekeylogger

Snakekeylogger family
snakekeylogger

Files

2000-60-0x0000000005040000-0x00000000050BC000-memory.dmp
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 467KB - Virtual size: 467KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ