snakekeylogger | b8c9a4161e9621de6e7fa177230bd3841a575a00f0456b54efab368046479722 | Triage

Submit
Reports

Overview

overview

Static

static

3

U1su8hmVj4ourFo.exe

windows7-x64

U1su8hmVj4ourFo.exe

windows10-2004-x64

Sharing

General

Target

U1su8hmVj4ourFo.exe
Size

696KB
Sample

231101-g2lkysdf49
MD5

6948d3ae7ef630dd997b7d09e17159a0
SHA1

f22729b5b442119a1de75e12af90e3d97a1de68c
SHA256

b8c9a4161e9621de6e7fa177230bd3841a575a00f0456b54efab368046479722
SHA512

a11f351dd83dcb96485ae834085f28eb740b3295dbaa550acb717b0084a0a6cff9568a5084f7b690edea2c4f537ced85185d5735618bcebce993656f751cb751
SSDEEP

12288:6p11OhPAWlfRexM/YUPH6NFusNkmXuQcKyHQu:6O5AWlfRAFNMSMQcKBu

Score

10^/10

snakekeylogger zgrat keylogger rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

U1su8hmVj4ourFo.exe

Resource

win7-20231023-en

snakekeylogger zgrat keylogger rat stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

U1su8hmVj4ourFo.exe

Resource

win10v2004-20231020-en

snakekeylogger zgrat keylogger rat stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5764904494:AAFs_l-L1X-oXjUJWZbsXjBMAreHGetTJvw/sendMessage?chat_id=5582419717

Targets

- Target
  
  U1su8hmVj4ourFo.exe
- Size
  
  696KB
- MD5
  
  6948d3ae7ef630dd997b7d09e17159a0
- SHA1
  
  f22729b5b442119a1de75e12af90e3d97a1de68c
- SHA256
  
  b8c9a4161e9621de6e7fa177230bd3841a575a00f0456b54efab368046479722
- SHA512
  
  a11f351dd83dcb96485ae834085f28eb740b3295dbaa550acb717b0084a0a6cff9568a5084f7b690edea2c4f537ced85185d5735618bcebce993656f751cb751
- SSDEEP
  
  12288:6p11OhPAWlfRexM/YUPH6NFusNkmXuQcKyHQu:6O5AWlfRAFNMSMQcKBu
Score

10^/10

snakekeylogger zgrat keylogger rat stealer
- Detect ZGRat V1
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerzgratkeyloggerratstealer

behavioral2

snakekeyloggerzgratkeyloggerratstealer

© 2018-2024

Terms | Privacy