Behavioral task
behavioral1
Sample
2656-8-0x0000000000400000-0x0000000000466000-memory.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
2656-8-0x0000000000400000-0x0000000000466000-memory.exe
Resource
win10v2004-20230915-en
General
-
Target
2656-8-0x0000000000400000-0x0000000000466000-memory.dmp
-
Size
408KB
-
MD5
4418df48c57f1609a216c44dd5b81a87
-
SHA1
de65e6e16f1fd1c7b293374c6a1995961e537183
-
SHA256
8d27202c56dd3f8d7e8be168e6d14ba009fa4dfcebe28c89f685c7102f7e86ac
-
SHA512
6a0d0686d138b7b73c2e02b06e22b83ac516180d2cd4db7f3b4c5227a1546e6668e5f491ede9179f9842a462432fe61af2e889151edcc16252d0a420c8f6fe7b
-
SSDEEP
6144:Yi9rMT3pU0Tqp1Zo1yn87qdhdbYTxgboT:bI1Uss87qnWVKS
Malware Config
Signatures
-
Agenttesla family
-
Snake Keylogger payload 1 IoCs
Processes:
resource yara_rule sample family_snakekeylogger -
Snakekeylogger family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2656-8-0x0000000000400000-0x0000000000466000-memory.dmp
Files
-
2656-8-0x0000000000400000-0x0000000000466000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 380KB - Virtual size: 380KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 832B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ