Behavioral task
behavioral1
Sample
1744-13-0x0000000000400000-0x0000000000424000-memory.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
1744-13-0x0000000000400000-0x0000000000424000-memory.exe
Resource
win10v2004-20230915-en
General
-
Target
1744-13-0x0000000000400000-0x0000000000424000-memory.dmp
-
Size
144KB
-
MD5
54c58aca71fac414d10037cc96773b88
-
SHA1
9abd3c5450cfc76dca13e1fbd833678826856be2
-
SHA256
8ac6d2ad7440f8df1fe265cbd30cc8878486e22026477fdb6e21b602979732fe
-
SHA512
b8fc3306c36b71722a03e1d958176780e719e641e4bdc44da8bd4f110a411e3a950f0c2888eec654c813d493db9e49c14ebeef1366320ec26f0839c6eff483cb
-
SSDEEP
3072:dyryR6jag4XrhnM16MZb7eXHwBgxGgbY:hyCUzbcxnb
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.setimetrasa.com - Port:
587 - Username:
[email protected] - Password:
Seti2020 - Email To:
[email protected]
Signatures
-
Snake Keylogger payload 1 IoCs
Processes:
resource yara_rule sample family_snakekeylogger -
Snakekeylogger family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 1744-13-0x0000000000400000-0x0000000000424000-memory.dmp
Files
-
1744-13-0x0000000000400000-0x0000000000424000-memory.dmp.exe windows:4 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ