Behavioral task: behavioral1
Sample: Quotation China.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: Quotation China.exe
Resource: win10v2004-20230915-en
General
- Target: e9f8140bfc47ab663dd2e6bbed311a06ec65e594d01b636338eb9adcb93d80f9
- Size: 42KB
- MD5: 58acf1e1b226043145bbadad7efdbe3a
- SHA1: be8e82697298822a7d108f240afef73dd825c55d
- SHA256: e9f8140bfc47ab663dd2e6bbed311a06ec65e594d01b636338eb9adcb93d80f9
- SHA512: 6d0d4bbe8534824c1e714ca591a24d4f8250a30062843306056dbb093ec87b43510e93e7c8719f03338b7ce118b59d92356c673e170fde35be0fdf64aa91144a
- SSDEEP: 768:FmUcDqmONVhaa3zGs1G/4iDhtvuSGCF0xxRNZ5A47oa3EkBm2PGD9:EUcEDjGIGh1E3CF0J1A48a3BmTJ
Malware Config
Extracted: snakekeylogger
https://api.telegram.org/bot6553808600:AAEctl9z_ViEe1VbBXIi3Q8EzcyyXMP9F5g/sendMessage?chat_id=5086753017
Signatures
- Snake Keylogger payload (1 IoCs)
  Processes: resource static1/unpack001/Quotation China.exe, yara_rule family_snakekeylogger
- Snakekeylogger family
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  Processes: resource unpack001/Quotation China.exe
Files
- e9f8140bfc47ab663dd2e6bbed311a06ec65e594d01b636338eb9adcb93d80f9.rar
- Quotation China.exe (.exe, windows x64)
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections
.text - Size: 119KB - Virtual size: 119KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc - Size: 4KB - Virtual size: 4KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ