snakekeylogger | a90f8890b1bef4fadb07d9d3a619b033[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a90f8890b1bef4fadb07d9d3a619b033.bin
Size

45KB
MD5

8388d63dab607dc41aaa73e349981d59
SHA1

c9b3474155ff1b949bea55ca1db5051555e98c94
SHA256

919369cc21740b5cde2d1b49eba8eb60f90b5f0a7b7ab3dcc07eeba256d4e33f
SHA512

f2ce04f126dc3eaa5a62a53caf0b3863cd6633a763fddc19fecc89c44530c4638dad67fc39e6a0a7e158f94f9ebcc2d5e3be37579abd8acf9b8534e15a441a78
SSDEEP

768:/SEbPA6ZI+yuqu4sjtqO8aceEmUgj6n225ZnELZc6XgnM/h6Cc7G0T8Ma6PrVYH:/XzAD+HqeAO85eEmUgj6r5ZnsZc6Xgns

Score

10^/10

snakekeylogger

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
TfjWeao4
Email To:
[email protected]

Signatures

Snake Keylogger payload 1 IoCs

resource	yara_rule
static1/unpack001/32fea79bb9607e69a1105c5105972b488d724d2130f96249c225abe09bbf34b8.exe	family_snakekeylogger

Snakekeylogger family
snakekeylogger

Files

a90f8890b1bef4fadb07d9d3a619b033.bin
.zip

Password: infected
32fea79bb9607e69a1105c5105972b488d724d2130f96249c225abe09bbf34b8.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ