Behavioral task
behavioral1
Sample
872-226-0x0000000000230000-0x00000000007EF000-memory.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
872-226-0x0000000000230000-0x00000000007EF000-memory.exe
Resource
win10v2004-20230220-en
General
-
Target
872-226-0x0000000000230000-0x00000000007EF000-memory.dmp
-
Size
5.7MB
-
MD5
e69f699db05b9fa5664bf54d29d60c65
-
SHA1
e89413218541b12b30c624e001c41ef5bde5669a
-
SHA256
0ce1fc4d5bb90951f99cea46251935db3f2a68729bd61a1b64feefefcc0fcd38
-
SHA512
989df1713473cd7bb0114711fb6d2ef17da0fc53138f82d4340419a0f43a6362505da5bd4f8710930846ddfd36bf75b7e3fee380070f740b738d278c96c06bb0
-
SSDEEP
1536:ttMpEvqHEIsanzw6vHWsszWWMFCIV7BjZPLbKuOdkVSGD6piOWBOF0Kcl:ttMKHT6esszW+IV7Lbf5DDswBOFbY
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5553654095:AAFY7fGm3A2NSyoJOWhzq_VfL3zRwqCo4Ow/sendMessage?chat_id=6183982484
Signatures
-
Snake Keylogger payload 1 IoCs
Processes:
resource yara_rule sample family_snakekeylogger -
Snakekeylogger family
-
StormKitty payload 1 IoCs
Processes:
resource yara_rule sample family_stormkitty -
Stormkitty family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 872-226-0x0000000000230000-0x00000000007EF000-memory.dmp
Files
-
872-226-0x0000000000230000-0x00000000007EF000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 121KB - Virtual size: 121KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ