snakekeylogger | 0x0006000000015632-107[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x0006000000015632-107.dat
Size

96KB
MD5

98b3380a8927b93c08d1eab0d07103cc
SHA1

37253b0ca3725c4275c240cfea229c8e0db58195
SHA256

8eb017ece8a897d9c94a2afb605f341a435b30723ceaea2c79ee2662dcb6a89c
SHA512

7b3f01d6808304647aef785d1bdbe8ed5d97a09aa280ff4933f5052cc2389ce7c57643842d43941154e777a46423b6247b3f598fe68bc512ea59ac197b7824fa
SSDEEP

1536:ruLn6DX5el5/aMp57DKX1MFyc+UbaEyRbKaULD2SAewpiOWBoF0Kcl:ruLnssTT7DT+caEyblwD/AeiwBoFbY

Score

10^/10

snakekeylogger stormkitty

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.rampelloelectricidad.com
Port:
587
Username:
[email protected]
Password:
raulruben55
Email To:
[email protected]

Signatures

Snake Keylogger payload 1 IoCs

resource	yara_rule
sample	family_snakekeylogger

Snakekeylogger family
snakekeylogger

StormKitty payload 1 IoCs

resource	yara_rule
sample	family_stormkitty

Stormkitty family
stormkitty

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x0006000000015632-107.dat

Files

0x0006000000015632-107.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ