Behavioral task
behavioral1
Sample
2036-60-0x0000000000400000-0x0000000000424000-memory.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
2036-60-0x0000000000400000-0x0000000000424000-memory.exe
Resource
win10v2004-20220812-en
General
-
Target
2036-60-0x0000000000400000-0x0000000000424000-memory.dmp
-
Size
144KB
-
MD5
a80524d7807127f8c3caa758c5db969f
-
SHA1
eea529bb44d2b202b8c03cdf9827f024d7cfe31c
-
SHA256
cf4a7dd833f3c3235b0d187a32bdf8bc57119dbb7c6cf00806d4ca41e83c48dc
-
SHA512
a378a8edc0f7403817c3e90636c00b991602873b80b47e733ac296fb7f791feefce4614bb8e3cb332372b4b2a814cf3b59582876c3054d7b8bc0baafd8d79ee2
-
SSDEEP
1536:bT4XMsS7/6JR0GJJA6XbDeBLtlOZD/txojMFfesUqHY6vObGbIbUXLiEVN1npiOS:n4XMbTM/A6XbDeupGbG86i+pwBM8
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.freshfada.com - Port:
26 - Username:
[email protected] - Password:
GRACEoverflow123@
https://api.telegram.org/bot6010601014:AAE_RJm-2igP99_YnmRQZ_TajH6dCuBx6CI/sendMessage?chat_id=869301167
Signatures
-
Snake Keylogger payload 1 IoCs
resource yara_rule sample family_snakekeylogger -
Snakekeylogger family
Files
-
2036-60-0x0000000000400000-0x0000000000424000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ