Behavioral task
behavioral1
Sample
download.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
download.exe
Resource
win10v2004-20230915-en
General
-
Target
download.exe
-
Size
141KB
-
MD5
e3f685ac54f0cd34b274bd68fd13f126
-
SHA1
4203564851a478156d9036ab21196a6bf7b5c43c
-
SHA256
b220d7bfddcfd063cfa212b507492e836d8e91e2d7a9858614e24eed3147a819
-
SHA512
42f9bdd6a6fe124ebce12cee5fcce75794114fce3e947e049f73e641097f3edce39f8dc9b79a3fc8e8a74b9efd3694d99659c78cc114fbd9963aec2efe68a53b
-
SSDEEP
3072:chryR6+DP/CUqrEu9fygubH579wBPp/GrQWV/OS3KDbY:V+NubZ0p/8V/wb
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.pacific.co.za - Port:
587 - Username:
[email protected] - Password:
G@reth#M1tchell - Email To:
[email protected]
Signatures
-
Snake Keylogger payload 1 IoCs
Processes:
resource yara_rule sample family_snakekeylogger -
Snakekeylogger family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource download.exe
Files
-
download.exe.exe windows:4 windows x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 93KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ