snakebot | 2b96a8e4b300395370ead750ded41da3a8ae6d546e284a87440ea870de86186b | Triage

Sharing

General

Target

2b96a8e4b300395370ead750ded41da3a8ae6d546e284a87440ea870de86186b
Size

479KB
MD5

dcd2763be50611d83c63d53db30158e0
SHA1

81702e1fb3c9f94c913112c562ae9e5f4d6e2e71
SHA256

2b96a8e4b300395370ead750ded41da3a8ae6d546e284a87440ea870de86186b
SHA512

1bf68274e436b6dfedfcd04640cb72145abe7db232bc6a7c9115c52f64f9b40bbe08a1d23747429e5662cb3b3cb2a925570fe31f58670915109dd73cc13a3c78
SSDEEP

12288:P2zIJS88lcNpDnvPNEKZORYa055CUEvsrbUzpIgks+O1JHc:PJJTmoLNEpRYFCTj1t1m

Score

10^/10

snakebot snakebot

Malware Config

Signatures

Snakebot family
snakebot

Contains SnakeBOT related strings 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/TBL PAYMENT COPY.exe	snakebot_strings

Files

2b96a8e4b300395370ead750ded41da3a8ae6d546e284a87440ea870de86186b
.zip
TBL PAYMENT COPY.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

stayA
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 449KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ