Behavioral task
behavioral1
Sample
2272-64-0x0000000000400000-0x0000000000424000-memory.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
2272-64-0x0000000000400000-0x0000000000424000-memory.exe
Resource
win10v2004-20230703-en
General
Target: 2272-64-0x0000000000400000-0x0000000000424000-memory.dmp
Size: 144KB
MD5: 826be17a8813b6e969b4e6d6072d42e3
SHA1: 5df2d79938599382d7760f0f7401ba15c46f1cce
SHA256: e3da68b6b6dd2c4a6b64b873d797174086d9422c5083fb4232968be7ee285b51
SHA512: ceb66ebb9d04f214f7ce99e3f98c70dd4d2ea2913d9763c909b96d37081766496881953a17cc914735cf25772fbf60825bea1d086efe379d2df615ec3ba898a5
SSDEEP: 3072:cOOYz2L2qnak0ZnhzJzGb7F+9TsWwBvP:FzN9JzGboeP
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6686619258:AAGtzpvFWTOm8FcEhveRVJyG4SlPLoGP3xc/sendMessage?chat_id=6465958501
Signatures
Snake Keylogger payload 1 IoCs
resource: sample - yara_rule: family_snakekeylogger
Snakekeylogger family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource: 2272-64-0x0000000000400000-0x0000000000424000-memory.dmp
Files
2272-64-0x0000000000400000-0x0000000000424000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 119KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ