Behavioral task
behavioral1
Sample
1776-1220-0x0000000140000000-0x0000000140022000-memory.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
1776-1220-0x0000000140000000-0x0000000140022000-memory.exe
Resource
win10v2004-20230703-en
General
-
Target
1776-1220-0x0000000140000000-0x0000000140022000-memory.dmp
-
Size
136KB
-
MD5
610129e73c693f8ddb1b61ff722463ac
-
SHA1
f20597418b407676f508533a31c198778ac6b8b7
-
SHA256
7275450bd7ca9df9230498903cf66d724ef9d7865b7dfc63c449a555f77ee003
-
SHA512
f462f6829449f0e3f10324e7907c9d285f1bba1cdbe6a3be1aa9a722c0459cad1b4a49d7706a3eff18642d7d05fb693ef8948a67a58c10a0728785c6115aeb36
-
SSDEEP
3072:DOOYz2sMJZjJ3EJOWbUoMdrXsgwBvUNDbY:Qz5TbJM5XgU1b
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6131487156:AAFzpoRUv23HSoE57FgrwPQiVuiha1F8Pcs/sendMessage?chat_id=6373691592
Signatures
-
Snake Keylogger payload 1 IoCs
resource yara_rule sample family_snakekeylogger -
Snakekeylogger family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1776-1220-0x0000000140000000-0x0000000140022000-memory.dmp
Files
-
1776-1220-0x0000000140000000-0x0000000140022000-memory.dmp.exe windows x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 119KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ