Behavioral task
behavioral1
Sample
832-66-0x0000000000400000-0x0000000000426000-memory.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
832-66-0x0000000000400000-0x0000000000426000-memory.exe
Resource
win10v2004-20220812-en
General
-
Target
832-66-0x0000000000400000-0x0000000000426000-memory.dmp
-
Size
152KB
-
MD5
8764bd992056900155930f68e50c3a27
-
SHA1
226c8946043a0c664dd66c34f957ce7c0c16d65c
-
SHA256
9b159dde98ced0b32a3a500c3b415e67cb9f601f27ecbcf790e658e0d5aacd5b
-
SHA512
af916041a700b0d2386c489ed12e504bf1fc1bfe41e8d692bd9d6db6c70c59cffdecdee6656a92860c6cd076a214db921dbdadd52ff1fcd2bcc5fd4cced8768c
-
SSDEEP
3072:Jb4Z7s7JGAWjTVHXh9d3lJJb8Mi/wBmRFbY:4TtXh9d3l/bQVPb
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
qlRYaFn8 - Email To:
[email protected]
Signatures
-
Snake Keylogger payload 1 IoCs
resource yara_rule sample family_snakekeylogger -
Snakekeylogger family
Files
-
832-66-0x0000000000400000-0x0000000000426000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 120KB - Virtual size: 120KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ