Behavioral task
behavioral1
Sample
3672-4917-0x0000000000080000-0x00000000000A6000-memory.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
3672-4917-0x0000000000080000-0x00000000000A6000-memory.exe
Resource
win10v2004-20240226-en
General
-
Target
3672-4917-0x0000000000080000-0x00000000000A6000-memory.dmp
-
Size
152KB
-
MD5
a0244384e7a5bb86b34b0b37e1812aa8
-
SHA1
807d33c15b39a08ff85ebe936f2f760b59990d6b
-
SHA256
5ef7a04aa83c97f8805bb5041e620270ece176721381791d5f91428589b4eb5d
-
SHA512
948141c4776477ed0ed98d51e6c5b5fa9db95721dc828b8334035a6894bce61acce958374685ecf391726f7171f18e4faa7f3865fa301e68aed286ee5556e19e
-
SSDEEP
3072:og+aGaotCjVz+LKTCp4jagor2b3rjlbaeJsLUwvxdBzgbY:WaoiVqLKTNlb76BEb
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
ypcog.shop - Port:
587 - Username:
[email protected] - Password:
VkkUCofD0slW - Email To:
[email protected]
Signatures
-
Snake Keylogger payload 1 IoCs
Processes:
resource yara_rule sample family_snakekeylogger -
Snakekeylogger family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 3672-4917-0x0000000000080000-0x00000000000A6000-memory.dmp
Files
-
3672-4917-0x0000000000080000-0x00000000000A6000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 124KB - Virtual size: 124KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ