Behavioral task
behavioral1
Sample
3060-8-0x0000000000400000-0x0000000000466000-memory.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
3060-8-0x0000000000400000-0x0000000000466000-memory.exe
Resource
win10v2004-20230915-en
General
-
Target
3060-8-0x0000000000400000-0x0000000000466000-memory.dmp
-
Size
408KB
-
MD5
340a06bdc6e1ec4fb485ca31de72499e
-
SHA1
e7474f91cc7dd3520bfd404a884efa46c2b7ef8d
-
SHA256
3ddaed97ab7806b71b0ad4ba01824508f14ecb07e145e403d5ec8e1de5c68ff8
-
SHA512
4bdf91db63eededd3867d0acc6ec22d1422996cd688c224dcd00586fe390fadad2eb5ce9a149aeed4f19d573869fbd78682dc692a2a801685640ae5539fc7b9e
-
SSDEEP
6144:77q8tb2+xYbs73808adoep76WOA4oFnT3Fi5B1:77q8yy8K6WOA1t3Fi71
Malware Config
Signatures
-
Agenttesla family
-
Snake Keylogger payload 1 IoCs
Processes:
resource yara_rule sample family_snakekeylogger -
Snakekeylogger family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 3060-8-0x0000000000400000-0x0000000000466000-memory.dmp
Files
-
3060-8-0x0000000000400000-0x0000000000466000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 382KB - Virtual size: 381KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 824B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ