snakekeylogger | download[.]exe | Triage

Sharing

General

Target

download.exe
Size

141KB
MD5

e3f685ac54f0cd34b274bd68fd13f126
SHA1

4203564851a478156d9036ab21196a6bf7b5c43c
SHA256

b220d7bfddcfd063cfa212b507492e836d8e91e2d7a9858614e24eed3147a819
SHA512

42f9bdd6a6fe124ebce12cee5fcce75794114fce3e947e049f73e641097f3edce39f8dc9b79a3fc8e8a74b9efd3694d99659c78cc114fbd9963aec2efe68a53b
SSDEEP

3072:chryR6+DP/CUqrEu9fygubH579wBPp/GrQWV/OS3KDbY:V+NubZ0p/8V/wb

Score

10^/10

snakekeylogger

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.pacific.co.za
Port:
587
Username:
[email protected]
Password:
G@reth#M1tchell
Email To:
[email protected]

Signatures

Snake Keylogger payload 1 IoCs

Processes:

resource	yara_rule
sample	family_snakekeylogger

Snakekeylogger family
snakekeylogger
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

download.exe

Files

download.exe
.exe windows:4 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ