Behavioral task: behavioral1
Sample: lmm.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: lmm.exe
Resource: win10v2004-20230915-en
General
Target: lmm.vir
Size: 126KB
MD5: 00beaf0b10d9ea32a8857efbdaa9cf55
SHA1: 4c0e6ce8bf3afe2db364d5fcbe83c41e44d58a52
SHA256: 7c381aa21265e230ee872afa0d7374024ca82f17030a6dda5514ab21d9cf0b4b
SHA512: 9eb307999ccb4d8e165ff3d2822a8ed97e1762a1c5430071797cc994ab2e88412c978c7bf91d469735ec83a78471d06392081cba1b7f05e71900681f8a31a357
SSDEEP: 3072:BOOYz2qq21BdsBQznGJbMdyy9wBHP3gbY:ezAG6JbPPwb
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6316392918:AAHcjKTVDupG6SMH3LkXAeVBgHKlqsAcmRU/sendMessage?chat_id=6445748530
Signatures
Snake Keylogger payload 1 IoCs
Processes:
resource: sample, yara_rule: family_snakekeylogger
Snakekeylogger family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource: lmm.vir
Files
lmm.vir.exe windows:4 windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 120KB - Virtual size: 120KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ