Behavioral task: behavioral1
- Sample: Quotation China.exe
- Resource: win7-20230831-en

Behavioral task: behavioral2
- Sample: Quotation China.exe
- Resource: win10v2004-20230915-en

General
- Target: Quotation China.exe
- Size: 124KB
- MD5: 3adcb908c47a0e9e9358430dcc0c5b55
- SHA1: a3cc683b61c6b571d973ba51c682f48534e6d01f
- SHA256: 2623f5e2a7aa90ec2c7d11a3e60fca615a629ca352a5ccdf9d4243c46e720738
- SHA512: a04d200902513678f86150473c223c83c2c4f84f78a34142a0e84c95b04b3ddf2f151358988971b57d0843644cc61e44ce23438314cf578d879d8099886108de
- SSDEEP: 3072:eOOYz2Yaq4T7pwMxjF9uJokbUPITDlwBT8EDbY:vzJU+okbpTE8+b

Malware Config
- Extracted: snakekeylogger
- URL: https://api.telegram.org/bot6553808600:AAEctl9z_ViEe1VbBXIi3Q8EzcyyXMP9F5g/sendMessage?chat_id=5086753017

Signatures
- Snake Keylogger payload (1 IoC)
  Processes: resource: sample; yara_rule: family_snakekeylogger
- Snakekeylogger family
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  Processes: resource: Quotation China.exe

Files
- Quotation China.exe.exe (windows:4, windows x64)
  Headers
  - DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  - File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
  Sections
  - .text (Size: 119KB, Virtual size: 119KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  - .rsrc (Size: 4KB, Virtual size: 4KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ