Behavioral task: behavioral1
  Sample: 880-79-0x0000000140000000-0x0000000140024000-memory.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 880-79-0x0000000140000000-0x0000000140024000-memory.exe
  Resource: win10v2004-20230220-en
General
- Target: 880-79-0x0000000140000000-0x0000000140024000-memory.dmp
- Size: 144KB
- MD5: 898bdaf684252ffde1f61a439fa89ade
- SHA1: 51f0b783dc1ad965cd946e88f90c86f622cda320
- SHA256: 5f80c6cc9e29f9600ef749a7fe85e8750ab9eb7f4c99e0e351e8a074b6a5912f
- SHA512: fd4551495d3786f651e1a9b74ad42921ec9ab5c906d8f53116478cf9eb4495ab1c99c437e2a8f34c7c15e01f08d10b909415e981c157d03942298b49c8adfe72
- SSDEEP: 3072:wOOYz2xh+Lq9UZVjagibUQs5WwBjRhDbY:pzSOBKblsXRRb
Malware Config
Extracted: snakekeylogger
  https://api.telegram.org/bot5871428476:AAFDACE8UvJvfXj7XlhB7edBJw5WrnvtTVs/sendMessage?chat_id=5618853041
Signatures
- Snake Keylogger payload (1 IoC)
  Processes:
    resource: sample    yara_rule: family_snakekeylogger
- Snakekeylogger family
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  Processes:
    resource: 880-79-0x0000000140000000-0x0000000140024000-memory.dmp
Files
- 880-79-0x0000000140000000-0x0000000140024000-memory.dmp.exe (windows x64)
  Headers
    DLL Characteristics:
      IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
      IMAGE_DLLCHARACTERISTICS_NX_COMPAT
      IMAGE_DLLCHARACTERISTICS_NO_SEH
      IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
    File Characteristics:
      IMAGE_FILE_EXECUTABLE_IMAGE
      IMAGE_FILE_LARGE_ADDRESS_AWARE
  Sections
    .text  Size: 121KB - Virtual size: 121KB
      IMAGE_SCN_CNT_CODE
      IMAGE_SCN_MEM_EXECUTE
      IMAGE_SCN_MEM_READ
    .rsrc  Size: 4KB - Virtual size: 4KB
      IMAGE_SCN_CNT_INITIALIZED_DATA
      IMAGE_SCN_MEM_READ