General

  • Target

    1160-76-0x0000000000400000-0x0000000000426000-memory.dmp

  • Size

    152KB

  • MD5

    8252a23a6f2366d169e61fa2ef76a37a

  • SHA1

    18d633a4ee1611c1473a0c8a70daf50cad9579e8

  • SHA256

    3d6c3507d6a375bec70ddecf13040f7fc9c292827ea0b23da23d82dca5e4494e

  • SHA512

    bbd285e3608135a05b552284b40189c8878eed676ac962b388c00e421692ca7814193a49bc8c0f2382a4c1ce34a3fe1a1891b74e046e0326054f9e9b7b674b68

  • SSDEEP

    1536:/tMpEvqHEIsang0ly+G0/UV+vBUFrlY9kmKNpMFamNAyDt3ZbKuFoA54UpiOWBjq:/tMKHE/7km4mqyDbbfSAC+wBjFbY

Malware Config

Extracted

  • Family

    snakekeylogger

  • C2

    https://api.telegram.org/bot6029559841:AAEqr8_NCfqapJgAzw8PoPbqoCosnsk1VO0/sendMessage?chat_id=6033043077

Signatures

  • Snake Keylogger payload 1 IoCs
  • Snakekeylogger family
  • StormKitty payload 1 IoCs
  • Stormkitty family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1160-76-0x0000000000400000-0x0000000000426000-memory.dmp
    .exe windows x86
