General
Target: 46bcf10bea643f6c1109176d1b6fb9c20fa16197.exe
Size: 127KB
MD5: bc366e4fad0b7a0414e7f6520258c6b4
SHA1: 46bcf10bea643f6c1109176d1b6fb9c20fa16197
SHA256: 6168a30a81b06b9274ac7e07c347adc8640d26e8f70abae2a43cc36ea4eeffea
SHA512: 718f47d637c2656c304815a122e2ab984bd83176b94687eda8da35170952975f630c2e36f9b356f94b4599f50db61a1027c26f1609dfe9db109267e76f65e565
SSDEEP: 3072:Jw1/iasc0uNi3zDm1fmI5b73ItbfBINagbY:IiLu+A5bLIINjb
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.acotur.com.ar
Port: 587
Username: [email protected]
Password: bLeos!8ObM%A103
Signatures
Snake Keylogger payload 1 IoCs
resource yara_rule sample family_snakekeylogger
Snakekeylogger family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 46bcf10bea643f6c1109176d1b6fb9c20fa16197.exe
Files
46bcf10bea643f6c1109176d1b6fb9c20fa16197.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 122KB - Virtual size: 121KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ