Behavioral task
behavioral1
Sample
2464-22-0x0000000000400000-0x0000000000424000-memory.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
2464-22-0x0000000000400000-0x0000000000424000-memory.exe
Resource
win10v2004-20230915-en
General
-
Target
2464-22-0x0000000000400000-0x0000000000424000-memory.dmp
-
Size
144KB
-
MD5
faa55431d1d6585c0059e4c7265e3960
-
SHA1
18cffcd81a80b8868b8cc88288070f37b8fc917b
-
SHA256
3c6853dcb899d1bacf4233f2e550ca6d5e9705d03e86e20b24a48ab7c0b57f8d
-
SHA512
772a523347eef8119ac47767d2e3ce2db4c2ef9da68bb5ff72ee3723e4d2c366f87aecd88e66ce3f19c0ca4dc4bd6dece71dbea3b2341a75569b1d39e15eff6e
-
SSDEEP
1536:z8QFoRxLeX2uiiGvh0ePplH+B/qpjWrLVcMFWeipsG248bVkzYMZfpiOWB3n9g0d:AQFoPLPzKePplH+itibVexwB3n9gbY
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
smtp.1tcl.com - Port:
25 - Username:
[email protected] - Password:
RRa*ysS8
Signatures
-
Snake Keylogger payload 1 IoCs
Processes:
resource yara_rule sample family_snakekeylogger -
Snakekeylogger family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2464-22-0x0000000000400000-0x0000000000424000-memory.dmp
Files
-
2464-22-0x0000000000400000-0x0000000000424000-memory.dmp.exe windows:4 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 117KB - Virtual size: 117KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ