snakekeylogger | 9d6809e7d22ef036b8b789a20e684c258686cb9afb3899ed89675007621bc3e5N | Triage

Sharing

General

Target

9d6809e7d22ef036b8b789a20e684c258686cb9afb3899ed89675007621bc3e5N
Size

131KB
MD5

594c5052fc99e6818a13fed43b4c50c0
SHA1

873fea4c018b465c44b1dd8914497df03267ce2d
SHA256

9d6809e7d22ef036b8b789a20e684c258686cb9afb3899ed89675007621bc3e5
SHA512

23898bd7b7ce500c95cb42df085c22d82ab0e806dc8c9c2f4d8fb2459e8d25ab533ea8c2f05ccc9540b755fed1b02fc30cb256f813d6594f1c9a0bac8c72809b
SSDEEP

3072:6p/hYgDQapNqiSMPTQBkb5yqsYQwv80qgbY:cYcQkQabHzb

Score

10^/10

snakekeylogger

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
webmail.sventerprises.net
Port:
587
Username:
[email protected]
Password:
Kspatil@672
Email To:
[email protected]

Signatures

Snake Keylogger payload 1 IoCs

resource	yara_rule
sample	family_snakekeylogger

Snakekeylogger family
snakekeylogger

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9d6809e7d22ef036b8b789a20e684c258686cb9afb3899ed89675007621bc3e5N

Files

9d6809e7d22ef036b8b789a20e684c258686cb9afb3899ed89675007621bc3e5N
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ