Behavioral task
behavioral1
Sample
1436-18-0x0000000000400000-0x000000000043A000-memory.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
1436-18-0x0000000000400000-0x000000000043A000-memory.exe
Resource
win10v2004-20231023-en
General
-
Target
1436-18-0x0000000000400000-0x000000000043A000-memory.dmp
-
Size
232KB
-
MD5
9b024ec5e2074a2707c7056d2f66f83a
-
SHA1
4a1df802a444b212f6812deceed99f3dc5fcd000
-
SHA256
128b407bc427c199a726b05d236f5b2c88088569cdfb1a4f334b060d92afccc1
-
SHA512
29ede609fbca3be9db8c1b8cde93abf5fcfefbd3ba7004cdd10de7cd6ee1ffe0d1959fe67c3bb942008dcf54f42ada78c03f34cdc30cbccad7c80ad6358dac06
-
SSDEEP
3072:nBGybM97hOQ/iK2jrOyipc/XbKjv0OhryR6UGnK6oZdUt9Cnb7SzpEFwBINKgbYa:UDthOzj8czKQbjNPUtInbapaNTb
Malware Config
Signatures
-
Snake Keylogger payload 1 IoCs
Processes:
resource yara_rule sample family_snakekeylogger -
Snakekeylogger family
-
Processes:
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 1436-18-0x0000000000400000-0x000000000043A000-memory.dmp
Files
-
1436-18-0x0000000000400000-0x000000000043A000-memory.dmp.exe windows:6 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 140KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
UPX1 Size: 82KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE