General
-
Target
4032-8-0x0000000000400000-0x0000000000424000-memory.dmp
-
Size
144KB
-
MD5
3b15bcd236e223417e7931da75adc45c
-
SHA1
91f53ca6de7709a1a64641b51b8f251dcda1f75f
-
SHA256
4d2bfefb6273c98a7d53ffc2a17d728ee5c14bcb84cf2a491446b44853685650
-
SHA512
4951138024c6e1699f7c19c8eb4c76243414fa37decfd3a6a5b4430c90d8e14b666e61b31c9e6fc76dc395b40d64871ed185f32a5630e67e3588533d86753327
-
SSDEEP
3072:ywDkHihhXdB4LtIfXW9Bb7Vbb7HeOa+wBvPCgbY:8c0oG99RbbsPLb
Score
10/10
Malware Config
Extracted
Family
snakekeylogger
Credentials
Protocol: smtp- Host:
resultsurex.com - Port:
587 - Username:
[email protected] - Password:
d()&nzU1tC3+
Protocol: ftp- Host:
ftp://ftp.resultsurex.com/ - Port:
21 - Username:
[email protected] - Password:
[XH~0fB9c]@*
C2
https://api.telegram.org/bot6783929306:AAFJU35OkwjDMHKdR2FUDQELnw67_grsAts/sendMessage?chat_id=5986156290
Signatures
-
Snake Keylogger payload 1 IoCs
-
Snakekeylogger family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
4032-8-0x0000000000400000-0x0000000000424000-memory.dmp
Headers
Sections