Behavioral task
behavioral1
Sample
2060-10-0x0000000000400000-0x0000000000424000-memory.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
2060-10-0x0000000000400000-0x0000000000424000-memory.exe
Resource
win10v2004-20231023-en
General
-
Target
2060-10-0x0000000000400000-0x0000000000424000-memory.dmp
-
Size
144KB
-
MD5
8f9371614d5fe48e23bbc8478e444751
-
SHA1
22b43c32cf1d7d7d8aac49bc3c488f3dfff35e53
-
SHA256
ab894ca6bea0e8cc5c4fc65f2a65a43ff94939f31231f9296e6229fa16e6c5c9
-
SHA512
bf3ebad781a8a04eaad68d88723936b34f2b19d7eedb5edae642139539ea8c97110f6c0a78c00272fbdbe3f0916227b5c85d7e04584d3ac51a0335c558481537
-
SSDEEP
1536:1R2lYen2RwKeRWJF8Atp+vBUFMlY6OgkKwBmsb+o16MFigB1b/zu2C/mKRJpiOW2:72lYlqsF8A8OgMz1b71qLwBgnvgbY
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.status-automation.com - Port:
587 - Username:
[email protected] - Password:
bkkhoostatus2018 - Email To:
[email protected]
Signatures
-
Snake Keylogger payload 1 IoCs
Processes:
resource yara_rule sample family_snakekeylogger -
Snakekeylogger family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2060-10-0x0000000000400000-0x0000000000424000-memory.dmp
Files
-
2060-10-0x0000000000400000-0x0000000000424000-memory.dmp.exe windows:4 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ