General
-
Target
1132-63-0x0000000000400000-0x0000000000426000-memory.dmp
-
Size
152KB
-
MD5
ed1b45461f1044f24f11be2af4416e05
-
SHA1
49cc9620cde794af342f20ad7a3510b8a5457acf
-
SHA256
378d3234e61a58e393a58a1baa90490fdac26549edae8fb6cad254c22a94013b
-
SHA512
9320d612f686e38214d0f67cc9082b6db5acf1692793b62ac554ae389289066bedb7b623e444ebfe7a9d8c196785e707d165b3ed4c57e3cf59c62d974aa8be69
-
SSDEEP
1536:rNp+6OA/Ajxp7re3v78MF3Nxb+SAibbKuTsRxjMwbpiOWBo:rNp+SePre3vTxb+Sbf2d1wBo
Score
10/10
Malware Config
Extracted
Family
snakekeylogger
Credentials
Protocol: smtp- Host:
cp5ua.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@#$ - Email To:
[email protected]
C2
https://api.telegram.org/bot6090094982:AAFY3IWsepg-MkfRBVp9OC17aMMNauVNbEk/sendMessage?chat_id=1921649501
Signatures
-
Snake Keylogger payload 1 IoCs
-
Snakekeylogger family
-
StormKitty payload 1 IoCs
-
Stormkitty family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
1132-63-0x0000000000400000-0x0000000000426000-memory.dmp
Headers
Sections