Behavioral task: behavioral1
Sample: 984-12-0x0000000140000000-0x0000000140022000-memory.exe
Resource: win7-20231130-en

Behavioral task: behavioral2
Sample: 984-12-0x0000000140000000-0x0000000140022000-memory.exe
Resource: win10v2004-20231130-en
General
- Target: 984-12-0x0000000140000000-0x0000000140022000-memory.dmp
- Size: 136KB
- MD5: 9c1c355bad402d06749a1932931212f7
- SHA1: b51f0b1f5fe3707faa0975e9c76bdc6be0bdca49
- SHA256: f2f9a4085225a7b1d17e143d42714ba7636427014efb069d5df41f6debd83609
- SHA512: 752e94cbcf912bc0d8632af8cb5faa2038947bce0e5256744c12e6b546f2edbbc8f6cef1b2ab48312700e6b7aff8ccdd335632d606aa230218556a230e335c87
- SSDEEP: 3072:zOOYz2sMJZjJ3EJQS1jbUmKZlKwBvUtDbY:gz59jboZTUVb
Malware Config
Extracted family: snakekeylogger
Extracted URL: https://api.telegram.org/bot6291795537:AAEMBnTzrVQuxAduZ-X6E2opYJoPQJoG5tY/sendMessage?chat_id=5262627523
Signatures
- Snake Keylogger payload (1 IoCs)
  Processes: resource = sample, yara_rule = family_snakekeylogger
- Snakekeylogger family
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  Processes: resource = 984-12-0x0000000140000000-0x0000000140022000-memory.dmp
Files
- 984-12-0x0000000140000000-0x0000000140022000-memory.dmp.exe (windows:4, windows x64, arch:x64)
  Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
  Sections
  .text (Size: 119KB, Virtual size: 119KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rsrc (Size: 4KB, Virtual size: 4KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ