Behavioral task: behavioral1
Sample: 2776-12-0x0000000000400000-0x0000000000424000-memory.exe
Resource: win7-20231023-en

Behavioral task: behavioral2
Sample: 2776-12-0x0000000000400000-0x0000000000424000-memory.exe
Resource: win10v2004-20231020-en
General
- Target: 2776-12-0x0000000000400000-0x0000000000424000-memory.dmp
- Size: 144KB
- MD5: f2f78dc002ae37f1dd1b9a2f57cd5a57
- SHA1: 0dd24ef9ac8682e4cb1bfe453c9d43759ed947d8
- SHA256: 3547976c755d1ab4587524aaa3c8665d8db2b89a29c1637b9076187d30fcb10f
- SHA512: 50f3c10acafb9bb5ef7a122395318b55c74f04b238dbacb19310f029d0621fc972196042ea303ed98d4cc99468983c38f34508113579604fad9f57696163a671
- SSDEEP: 1536:Z/jvlS6FLGNFKEdCRvRNKwMF8UWX0m623GEb/zZ/zGbijtpiOWBTnwN:Vjv0SaIiCRvRNKBiLIEb7VCu3wBTn
Malware Config
Extracted (family: snakekeylogger)
- Protocol: smtp
- Host: mail.yandex.com
- Port: 587
- Username: [email protected]
- Password: chijiokejackson121
- https://api.telegram.org/bot5206100572:AAFn3MxBuN0bjQhfY8y1ed9Iwi79LyIe75I/sendMessage?chat_id=2135869667
Signatures
- Snake Keylogger payload (1 IoCs)
  Processes: resource sample, yara_rule family_snakekeylogger
- Snakekeylogger family
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  Processes: resource 2776-12-0x0000000000400000-0x0000000000424000-memory.dmp
Files
- 2776-12-0x0000000000400000-0x0000000000424000-memory.dmp.exe (windows:4 windows x86)
  Headers
    DLL Characteristics:
      IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
      IMAGE_DLLCHARACTERISTICS_NX_COMPAT
      IMAGE_DLLCHARACTERISTICS_NO_SEH
      IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
    File Characteristics:
      IMAGE_FILE_EXECUTABLE_IMAGE
      IMAGE_FILE_32BIT_MACHINE
  Sections
    .text - Size: 120KB - Virtual size: 119KB
      IMAGE_SCN_CNT_CODE
      IMAGE_SCN_MEM_EXECUTE
      IMAGE_SCN_MEM_READ
    .rsrc - Size: 4KB - Virtual size: 4KB
      IMAGE_SCN_CNT_INITIALIZED_DATA
      IMAGE_SCN_MEM_READ
    .reloc - Size: 512B - Virtual size: 12B
      IMAGE_SCN_CNT_INITIALIZED_DATA
      IMAGE_SCN_MEM_DISCARDABLE
      IMAGE_SCN_MEM_READ