Behavioral task
behavioral1
Sample
2712-13-0x0000000000400000-0x0000000000424000-memory.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
2712-13-0x0000000000400000-0x0000000000424000-memory.exe
Resource
win10v2004-20230915-en
General
-
Target
2712-13-0x0000000000400000-0x0000000000424000-memory.dmp
-
Size
144KB
-
MD5
488540440ae28c7317476784d2e3f4f2
-
SHA1
36828189a4472d18836dc56b06c9db94d664d5bf
-
SHA256
de6325a805a30024a9b3566e23c063798128348001650caebb5198ad18675f50
-
SHA512
e1f95e76b9dcee6de06f5f3ee6b5a7221ec24c06287f77018ae6b78b14ad211ec1de6b56b9a4bd3bb433b78fdbb211b87f4199114094bf72194cc68cc3d97ab0
-
SSDEEP
1536:0OOYzPuJ+iCU2J4nakXr+vBUFMlY6Zn9dCfdGhhLzMFonrjepCelb/zM3yjrEupc:0OOYz2L2qnak0ZnLj8b7jE4wBvP
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6374308981:AAFJV8dSpWlDNEsEiQsLhSk26tafVqeXISw/sendMessage?chat_id=6518133154
Signatures
-
Snake Keylogger payload 1 IoCs
Processes:
resource yara_rule sample family_snakekeylogger -
Snakekeylogger family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2712-13-0x0000000000400000-0x0000000000424000-memory.dmp
Files
-
2712-13-0x0000000000400000-0x0000000000424000-memory.dmp.exe windows:4 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 119KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ