Behavioral task: behavioral1
Sample: 2664-9-0x0000000000080000-0x00000000000A6000-memory.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2664-9-0x0000000000080000-0x00000000000A6000-memory.exe
Resource: win10v2004-20240221-en
General
Target: 2664-9-0x0000000000080000-0x00000000000A6000-memory.dmp
Size: 152KB
MD5: 7809b11ec32c4346d8b0af741b6d4838
SHA1: 360e04b387749ac8e20c253856905521889bd868
SHA256: 0fe4332786dcaae6db5d7ed5bedbe8673d22b6cc99347a4c63626c5b26b51c55
SHA512: 0a7a4a788f0c0a4701beb3f34411f81699a64d57f3229524ba898c84f00db826728a028b250372b1eaf4fa2a6482724dbed0fa424606103ed6f8bc8784b152e5
SSDEEP: 3072:7b+ltb4bLN9/QybO3s+1oblusQRwvxL8E3:ktb4HN9xEobaE3
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: valleycountysar.org
Port: 25
Username: [email protected]
Password: iU0Ta!$K8L51
Signatures
Snake Keylogger payload (1 IoCs)
resource: sample
yara_rule: family_snakekeylogger
Snakekeylogger family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 2664-9-0x0000000000080000-0x00000000000A6000-memory.dmp
Files
-
2664-9-0x0000000000080000-0x00000000000A6000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 125KB - Virtual size: 124KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ