snakekeylogger | 2560-15-0x0000000002110000-0x000000000214A000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2560-15-0x0000000002110000-0x000000000214A000-memory.dmp
Size

232KB
MD5

1deec0ed82533a0e73251c8a65878b6d
SHA1

614d71fa433e48c89127dc97c1258588a312565f
SHA256

6a6833a8bd3ed6efedb0fcd97c667e1e76140fdc7389d123aa8014092b14203a
SHA512

7147f2650f72830eded2ffabe62e3c10b049ea57f015e129a1a45286016e92b7c894106e0237dc391040129da55595ca9640ead13285768fa8f50bac008c5cb5
SSDEEP

3072:W6y27KSHdfBsUUWrDphxuck2WHPubbjD2CKsQuoUlL8uyRgbY6:R1tHkdHabn2dcb

Score

10^/10

snakekeylogger

Malware Config

Signatures

Snake Keylogger payload 1 IoCs

resource	yara_rule
sample	family_snakekeylogger

Snakekeylogger family
snakekeylogger

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2560-15-0x0000000002110000-0x000000000214A000-memory.dmp

Files

2560-15-0x0000000002110000-0x000000000214A000-memory.dmp
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

_.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ