General

  • Target

    2996-13-0x0000000000400000-0x0000000000426000-memory.dmp

  • Size

    152KB

  • MD5

    0326e0806cf99db434699e13a8f828ac

  • SHA1

    75bf9637d893b553a35cf23c9fa2b6dc63e10958

  • SHA256

    f60672a62eb8eb1d199d4ed0651b1a351c1fbe6b9164cbc5c0a41966660ca289

  • SHA512

    be3a9ad61371397c91d025e912d23800d0cd14953d2b35f13bf6c5476b8465aec85118e65ff859172808c0a82a7e0c6c76fc1f550c52687a55aa2ca05ea5f602

  • SSDEEP

    3072:yItxksC4RHxdXK1rMA13SjXaH03Xik2n4Fb0Kvvsr1wvxLx0GgbY:vksCMHx9KdCZKn4Fbz0nb

Score
10/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    valleycountysar.org
  • Port:
    26
  • Username:
    [email protected]
  • Password:
    fY,FLoadtsiF

C2

http://103.130.147.85

Signatures

  • Snake Keylogger payload 1 IoCs
  • Snakekeylogger family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2996-13-0x0000000000400000-0x0000000000426000-memory.dmp
    .exe windows:4 windows x86 arch:x86