Behavioral task: behavioral1
  Sample: 980-59-0x0000000000400000-0x0000000000426000-memory.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 980-59-0x0000000000400000-0x0000000000426000-memory.exe
  Resource: win10v2004-20230221-en
General
- Target: 980-59-0x0000000000400000-0x0000000000426000-memory.dmp
- Size: 152KB (the dumped range 0x400000-0x426000 is 0x26000 = 155,648 bytes, which matches)
- MD5: bc3c54d604e6c216a6959108ab7191e8
- SHA1: 06b5243f46a3245f9de5a204dcb8dbb743879050
- SHA256: f50ee84c00be6c3a08c611eaf691aef1814362fc136eeb3df9d9f48c56f306d8
- SHA512: 2e375f3355eb1ab08fccb885d91c817b48009cc4486240ddf0311811f1ef1440cb2da36180c0e2da09ba7b1e938873a9cd27df0da575684d1b328298c9d3a614
- SSDEEP: 1536:RhrMBR29H0dh6xnKtc+vBUFrlYYoZkR0TFs5RH3OQMFOzQ2ggNYb/zRC0NrpiOWQ:RhryR6UGnK6oZtyYb7IiFwBIN
Malware Config
Extracted family: snakekeylogger
- Protocol: smtp
- Host: mail.sienkakupeste.com
- Port: 587
- Username: info@sienkakupeste.com
- Password: 010203sienka++
- Email To: saleseuropower1@yandex.com
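The extracted config is the exfiltration channel: the keylogger authenticates to the SMTP submission port of mail.sienkakupeste.com with the stolen account and mails its collected data to the Yandex mailbox. The block below, added here and not part of the sandbox report, turns those fields into network indicators and runs them over log records. The records in `SAMPLE_LOG` are constructed Zeek-style JSON lines (field names `_path`, `query`, `mailfrom`, `rcptto`, `id.orig_h`, `id.resp_p`); the 10.0.0.x addresses and the use of `_path` to carry the log name are assumptions for the example.

```python
"""Derive network indicators from the Snake Keylogger SMTP exfil config on
this page and match them against log records. The records in SAMPLE_LOG are
constructed Zeek-style JSON lines (dns.log / smtp.log field names), not
telemetry from the sandbox run."""
import json

# Extracted config as reported on this page. The password is left out on
# purpose: the account name is an indicator, the secret is not needed to detect.
CONFIG = {
    "protocol": "smtp",
    "host": "mail.sienkakupeste.com",
    "port": 587,
    "username": "info@sienkakupeste.com",
    "email_to": "saleseuropower1@yandex.com",
}


def iocs_from_config(cfg: dict) -> dict:
    """Normalise the config fields into lowercase match sets."""
    return {
        "hosts": {cfg["host"].lower().rstrip(".")},
        "senders": {cfg["username"].lower()},
        "recipients": {cfg["email_to"].lower()},
        "port": cfg["port"],
    }


def _addr(value: str) -> str:
    """Zeek logs MAIL FROM / RCPT TO as written on the wire, often '<user@host>'."""
    return value.strip().strip("<>").lower()


def match_record(rec: dict, iocs: dict) -> list:
    """Return the reasons one record matches the IoCs (empty list = no match)."""
    reasons = []
    kind = rec.get("_path")  # assumption: JSON logs tagged with the Zeek log name
    if kind == "dns":
        q = rec.get("query", "").lower().rstrip(".")
        if q in iocs["hosts"]:
            reasons.append(f"dns lookup of exfil mail host {q}")
    elif kind == "smtp":
        sender = _addr(rec.get("mailfrom", ""))
        rcpts = {_addr(r) for r in rec.get("rcptto", [])}
        if sender in iocs["senders"]:
            reasons.append(f"smtp MAIL FROM the stolen account {sender}")
        hit = rcpts & iocs["recipients"]
        if hit:
            reasons.append(f"smtp RCPT TO the collection mailbox {sorted(hit)[0]}")
        # Port alone is not an indicator (587 is ordinary submission traffic); it
        # only sharpens a match already made on the addresses.
        if reasons and rec.get("id.resp_p") == iocs["port"]:
            reasons.append(f"submission port {iocs['port']} matches the config")
    return reasons


def scan(log_lines) -> list:
    """Run every record through the IoCs and return one alert per matching record."""
    iocs = iocs_from_config(CONFIG)
    alerts = []
    for line in log_lines:
        rec = json.loads(line)
        reasons = match_record(rec, iocs)
        if reasons:
            alerts.append({"ts": rec.get("ts"), "src": rec.get("id.orig_h"), "reasons": reasons})
    return alerts


# Constructed records; 10.0.0.7 is the hypothetical infected host.
SAMPLE_LOG = [
    '{"_path":"dns","ts":1.0,"id.orig_h":"10.0.0.7","query":"www.example.com"}',
    '{"_path":"dns","ts":2.0,"id.orig_h":"10.0.0.7","query":"mail.sienkakupeste.com"}',
    '{"_path":"smtp","ts":3.0,"id.orig_h":"10.0.0.7","id.resp_p":587,'
    '"mailfrom":"<info@sienkakupeste.com>","rcptto":["<saleseuropower1@yandex.com>"]}',
    '{"_path":"smtp","ts":4.0,"id.orig_h":"10.0.0.9","id.resp_p":587,'
    '"mailfrom":"<alice@corp.example>","rcptto":["<bob@partner.example>"]}',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert["ts"], alert["src"], "; ".join(alert["reasons"]))
```

The DNS lookup and the sender/recipient pair are the high-confidence signals; port 587 by itself is legitimate mail submission and is only reported when an address already matched. Since the credentials are hard-coded in the sample, the mail provider can also be asked to disable the info@ account, which cuts the channel for every infection using this build.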
Signatures
- Snake Keylogger payload (1 IoC)
  resource: sample; yara_rule: family_snakekeylogger
- Snakekeylogger family
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 980-59-0x0000000000400000-0x0000000000426000-memory.dmp
Files
- 980-59-0x0000000000400000-0x0000000000426000-memory.dmp.exe (windows x86): the dumped image as submitted to the behavioral tasks
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
- .text: raw size 122KB, virtual size 121KB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rsrc: raw size 4KB, virtual size 4KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc: raw size 512B, virtual size 12B; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
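The header facts above (file and DLL characteristics, per-section flags, and the "Unsigned PE" signature, which is simply an empty certificate table) all come from a few fixed offsets in the PE headers. The block below, added here and not taken from the sandbox or the sample, parses those offsets with only the standard library and reports the same items. `build_sample_pe()` constructs a minimal PE32 header block whose flags and section layout mirror this report (image 0x400000..0x426000, same three sections); it is not the dumped file, and the `signed=True` variant declares a dummy certificate table so the check can be seen flipping. `section_offset()` carries the caveat that matters for a memory dump: the buffer is the mapped image, so section bytes are found at VirtualAddress rather than PointerToRawData.

```python
"""Parse a PE image's headers with only the standard library and report the
facts a sandbox lists: machine, file/DLL characteristics, section flags and
whether an Authenticode certificate table is present. The image built by
build_sample_pe() is constructed for this example; it is not the dump."""
import struct

# Bit values are from the PE/COFF specification.
FILE_CHARS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
              0x2000: "IMAGE_FILE_DLL"}
DLL_CHARS = {0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
             0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
             0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
             0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
             0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}
SCN_CHARS = {0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
             0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
             0x20000000: "IMAGE_SCN_MEM_EXECUTE", 0x40000000: "IMAGE_SCN_MEM_READ",
             0x80000000: "IMAGE_SCN_MEM_WRITE"}
SECURITY_DIR = 4  # index of the Authenticode certificate table directory
SECTION_HDR = "<8sIIIIIIHHI"


def flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    machine, nsect, _, _, _, opt_size, fchars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    dirs = opt + (112 if pe32plus else 96)                   # start of the data directories
    _, cert_size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    sections = []
    for i in range(nsect):
        name, vsize, va, rsize, rptr, _, _, _, _, sc = struct.unpack_from(
            SECTION_HDR, data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": va,
                         "raw_size": rsize, "raw_offset": rptr, "flags": flags(sc, SCN_CHARS)})
    return {"machine": {0x14C: "x86", 0x8664: "x64"}.get(machine, hex(machine)),
            "file_characteristics": flags(fchars, FILE_CHARS),
            "dll_characteristics": flags(dll_chars, DLL_CHARS),
            # Empty certificate table == no embedded Authenticode signature. This is the
            # "Unsigned PE" check only; a non-empty table still needs signature validation.
            "authenticode_present": cert_size != 0,
            "sections": sections}


def section_offset(section: dict, dumped_image: bool) -> int:
    """Where a section's bytes live in the buffer. On disk that is PointerToRawData;
    in a dump of the mapped image (as the sample here is) it is VirtualAddress."""
    return section["virtual_address"] if dumped_image else section["raw_offset"]


def build_sample_pe(signed: bool) -> bytes:
    """Constructed PE32 header block mirroring the report's flags and section layout
    (0x400000..0x426000). With signed=True a dummy certificate table is declared."""
    # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics)
    secs = [(b".text", 0x1E400, 0x2000, 0x1E800, 0x200, 0x60000020),
            (b".rsrc", 0x1000, 0x22000, 0x1000, 0x1EA00, 0x40000040),
            (b".reloc", 0xC, 0x24000, 0x200, 0x1FA00, 0x42000040)]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 8, 0, 0x1E800, 0x1200, 0, 0x1F000, 0x2000, 0x22000, 0x400000,
                      0x2000, 0x200, 4, 0, 0, 0, 4, 0, 0, 0x26000, 0x200, 0, 2,
                      0x8540,  # DYNAMIC_BASE | NX_COMPAT | NO_SEH | TERMINAL_SERVER_AWARE
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    if signed:
        dirs[SECURITY_DIR] = (0x1FC00, 0x800)  # file offset (not an RVA) and size
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    hdrs = b"".join(struct.pack(SECTION_HDR, n, vs, va, rs, rp, 0, 0, 0, 0, c)
                    for n, vs, va, rs, rp, c in secs)
    return (dos + coff + opt + hdrs).ljust(0x200, b"\0")


if __name__ == "__main__":
    for signed in (False, True):
        r = parse_pe(build_sample_pe(signed))
        print(r["machine"], r["file_characteristics"], r["dll_characteristics"],
              "authenticode:", r["authenticode_present"])
        for s in r["sections"]:
            print(f'  {s["name"]:7} raw {s["raw_size"]:#x} virt {s["virtual_size"]:#x} {s["flags"]}')
```

Two things to keep in mind when reading the result against the report: a missing certificate table is a weak signal on its own (plenty of legitimate tooling is unsigned), and the DYNAMIC_BASE/NX_COMPAT/NO_SEH combination describes the compiler's defaults rather than anything the malware chose.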