Behavioral task
behavioral1
Sample
1492-64-0x0000000000400000-0x0000000000426000-memory.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
1492-64-0x0000000000400000-0x0000000000426000-memory.exe
Resource
win10v2004-20220901-en
General
-
Target
1492-64-0x0000000000400000-0x0000000000426000-memory.dmp
-
Size
152KB
-
MD5
d8c5267b19b2493c6041d18fda23523d
-
SHA1
e6f3fa5b5a3af407f643484b3dafca35b7b4ae7a
-
SHA256
3b18cdfaf6cde611a65b11d869f13560341aa689083eb763eb533f0dfffcf921
-
SHA512
729177cf7bf5015df005281ef918c69cfee20ee6eb935d5fb0ec54e20c9159a10be604a48a7192daf9c93ce9e22e4ae03591bd88fb76b4f4f0f1bed1aeb6dd75
-
SSDEEP
1536:DW/vo0dTsqzY0P08yyd3HbPXmKp1yt36b/UKWIROSCpiOWBN:DW/vo4s8Rc8yyd3Hjh1ycb8NxFwBN
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
gthltd.buzz - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@#$ - Email To:
[email protected]
https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662
Signatures
-
Snake Keylogger payload 1 IoCs
resource yara_rule sample family_snakekeylogger -
Snakekeylogger family
Files
-
1492-64-0x0000000000400000-0x0000000000426000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 121KB - Virtual size: 121KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ