Behavioral task
behavioral1
Sample
2844-13-0x0000000000400000-0x0000000000426000-memory.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
2844-13-0x0000000000400000-0x0000000000426000-memory.exe
Resource
win10v2004-20231127-en
General
Target
2844-13-0x0000000000400000-0x0000000000426000-memory.dmp
Size
152KB
MD5
647e7cb681aa975dec0c405cad8cb765
SHA1
0ac1d3f2ca66161b60d684a73581f50df00f9532
SHA256
d4d8a98f17fb076127ac5edee725d2d4313c0684203f0e24368b65bcd33b5f61
SHA512
ec8376bc9789e42eeb95d9b82b179ed7cf32e2bd12d715856d59d4c6c51f8402164fcbc2ad860bca404efd13939846eadabf639f8cbc0ee1c0f3d6516bc1497f
SSDEEP
3072:RCCrDZr6KbK2i/rhT0FyrTwmSTNIfkbSVymdbwvcXuuO:eKbKx/rQikbuO
Malware Config
Signatures
Snake Keylogger payload 1 IoCs
Processes:
resource: sample
yara_rule: family_snakekeylogger
Snakekeylogger family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2844-13-0x0000000000400000-0x0000000000426000-memory.dmp
Files
2844-13-0x0000000000400000-0x0000000000426000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 124KB - Virtual size: 124KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ