Behavioral task: behavioral1
Sample: e5832cd8f7599a7f4f2bba451f0bba45.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: e5832cd8f7599a7f4f2bba451f0bba45.exe
Resource: win10v2004-20230220-en
General
- Target: e5832cd8f7599a7f4f2bba451f0bba45.exe
- Size: 127KB
- MD5: e5832cd8f7599a7f4f2bba451f0bba45
- SHA1: a48ebc12b27b204168377b344b8a1bf2ce85fe41
- SHA256: 47a79a05ca373636bb5ff70d34ae5e5bc9deaf18b45d7dc55ef7bcece399d952
- SHA512: 13e8c110952dd298fff04a595228f1d99c95f7ee79684f88a716d373dce172ee8b55475e6bb79cfa4355336499e3cf06d18e8c6c08676cc289d703ac8b92881f
- SSDEEP: 3072:+OOYz2VWPIdSd6bhkKLitjqJ6b7s8IxwBjbXgbY:PzCJlkKLi8J6bDbQb
Malware Config
Extracted
- Family: snakekeylogger
- C2: https://api.telegram.org/bot6112875567:AAELAi1dztc_XKpDFEg1a1IG01250o2gxXs/sendMessage?chat_id=5687933537
Signatures
- Snake Keylogger payload (1 IoC)
  Processes:
    resource: sample
    yara_rule: family_snakekeylogger
- Snakekeylogger family
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  Processes:
    resource: e5832cd8f7599a7f4f2bba451f0bba45.exe
Files
- e5832cd8f7599a7f4f2bba451f0bba45.exe.exe (windows x86)
  f34d5f2d4577ed6d9ceec516c1f5a744

  Headers
  DLL Characteristics:
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
    IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    IMAGE_DLLCHARACTERISTICS_NO_SEH
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics:
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_32BIT_MACHINE

  Imports
  mscoree: _CorExeMain

  Sections
  .text - Size: 122KB - Virtual size: 121KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .rsrc - Size: 4KB - Virtual size: 4KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .reloc - Size: 512B - Virtual size: 12B
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_DISCARDABLE
    IMAGE_SCN_MEM_READ