Behavioral task
behavioral1
Sample
2108-63-0x0000000000400000-0x0000000000426000-memory.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
2108-63-0x0000000000400000-0x0000000000426000-memory.exe
Resource
win10v2004-20230703-en
General
-
Target
2108-63-0x0000000000400000-0x0000000000426000-memory.dmp
-
Size
152KB
-
MD5
b567e986aa7efc8d428b102095a82657
-
SHA1
458f99f0c7262e2f0f53da5f6a0b299a02466d39
-
SHA256
7d04ee89270cbc644798cc2ebab55ea64aafe4556aa4d1d89a34354914923b26
-
SHA512
39c5a870394b22987dc60fbb87b34310a60622b8b310ae855ab4fdf3d376f81aac13562c87decc3738db270ffc4a491b6fd9a4777a9382c8fded71243d44f22b
-
SSDEEP
3072:R1KCdhbjAyoq25uqa1VbP9+bCpLncwBt:nLZLqCWbUR
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.alroman.com - Port:
587 - Username:
[email protected] - Password:
abc@24638 - Email To:
[email protected]
Signatures
-
Snake Keylogger payload 1 IoCs
resource yara_rule sample family_snakekeylogger -
Snakekeylogger family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2108-63-0x0000000000400000-0x0000000000426000-memory.dmp
Files
-
2108-63-0x0000000000400000-0x0000000000426000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 121KB - Virtual size: 121KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ