Behavioral task: behavioral1
  Sample: 2684-11-0x0000000000400000-0x0000000000424000-memory.exe
  Resource: win7-20230831-en

Behavioral task: behavioral2
  Sample: 2684-11-0x0000000000400000-0x0000000000424000-memory.exe
  Resource: win10v2004-20230915-en
General
  Target: 2684-11-0x0000000000400000-0x0000000000424000-memory.dmp
  Size: 144KB
  MD5: 423369d31f0a67cdc710580c0844fd73
  SHA1: 5ec5a3bbcb67d972f95eceb2a16da9ea77a02dea
  SHA256: 84f642a566fc2ef5e9775f84ef2f8a13df777b115c7944d8e4db5ab407095d80
  SHA512: 5dcc25ec7da4ee7fbc1c6d4f1ad12039be678c2c773871d8a86921278d749d8afb4f61006fbd156bee0659550a647cdb94143ae105cf727a2e25bae66c617b9f
  SSDEEP: 1536:kOOYzPuJ+iCU2J4nakXr+vBUFMlY6Zn9dCfdGhhLzMF3YZVJpCab/zIwmFXQdIpc:kOOYz2L2qnak0ZnlZ5Cab7FKwBvP
Malware Config
  Extracted: snakekeylogger
  https://api.telegram.org/bot1513074805:AAE9QtTNfInovOlDzP4PcE-Ro12KxYiz9Z4/sendMessage?chat_id=1673719962
Signatures
  - Snake Keylogger payload (1 IoC)
    Processes:
      Resource: sample
      YARA rule: family_snakekeylogger
  - Snakekeylogger family
  - Unsigned PE (1 IoC)
    Checks for missing Authenticode signature.
    Processes:
      Resource: 2684-11-0x0000000000400000-0x0000000000424000-memory.dmp
Files
  - 2684-11-0x0000000000400000-0x0000000000424000-memory.dmp.exe (windows:4 windows x86)
    Headers
      DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
      File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
    Sections
      .text   Size: 119KB  Virtual size: 119KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      .rsrc   Size: 4KB    Virtual size: 4KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
      .reloc  Size: 512B   Virtual size: 12B    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ