Behavioral task
behavioral1
Sample
1748-65-0x0000000000400000-0x0000000000426000-memory.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
1748-65-0x0000000000400000-0x0000000000426000-memory.exe
Resource
win10v2004-20220812-en
General
-
Target
1748-65-0x0000000000400000-0x0000000000426000-memory.dmp
-
Size
152KB
-
MD5
9b180ce6655bde433d9fb7dc32530197
-
SHA1
f44087fb526917ca6a46d28c5029c11bbdb4e0a9
-
SHA256
825c80be7d42c624b78c040a2caf7095bcec828d761ddb792f82abbc46f7c1fc
-
SHA512
9bcc3dd724fa172325229a53f2eab9224a57d00efa4e283f5e2e8608e48e2f45cf7d041f7e26a20ab834424773b541d81edbfc45f3406c30bef44bb993e44f19
-
SSDEEP
1536:Cq/Xm2OXHFZ7v59zW13UFM+vBUFrlYYW1kZUPpEJN3HuwMFvaoWfsJb/UKtgbkLb:Cq/XrO3FVC3UKW1wfsJb8YgNdwBI8
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
kiamotors-khyber.com - Port:
587 - Username:
[email protected] - Password:
Hawk$CHz.=W7I4p}4
Signatures
-
Snake Keylogger payload 1 IoCs
resource yara_rule sample family_snakekeylogger -
Snakekeylogger family
Files
-
1748-65-0x0000000000400000-0x0000000000426000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 122KB - Virtual size: 121KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ