Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Behavioral task
behavioral1
Sample
3060-29-0x0000000000400000-0x0000000000426000-memory.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
3060-29-0x0000000000400000-0x0000000000426000-memory.exe
Resource
win10v2004-20241007-en
General
-
Target
3060-29-0x0000000000400000-0x0000000000426000-memory.dmp
-
Size
152KB
-
MD5
1ce994b004c2bf7422e987f375393bf3
-
SHA1
7274c6c24c5286c5e3135d2426094ea4c1ada2a3
-
SHA256
e9434775c2dfce9e2c856fd8ae1009aef91909a39e919879a6fc0a78cd697e8e
-
SHA512
7af7f88d0b851248ab9a1dd2709eb4c73da6d0c731f73c5d443830da53ea1a3267112d51a73303fa7af5be67ca2f8ab514e4a19b0c52aeedd3b5c441d9ca0ce0
-
SSDEEP
3072:lLIyRktx3CI9jVhNZ5KvRksb5h8m9ywvcGLgbY:DRyxSoKksbbmb
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.ozdenticaret.com.tr - Port:
587 - Username:
[email protected] - Password:
Ozd.135246 - Email To:
[email protected]
Signatures
-
Snake Keylogger payload 1 IoCs
resource yara_rule sample family_snakekeylogger -
Snakekeylogger family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3060-29-0x0000000000400000-0x0000000000426000-memory.dmp
Files
-
3060-29-0x0000000000400000-0x0000000000426000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 124KB - Virtual size: 124KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ