General
Target: U1su8hmVj4ourFo.exe
Size: 696KB
Sample: 231101-g2lkysdf49
MD5: 6948d3ae7ef630dd997b7d09e17159a0
SHA1: f22729b5b442119a1de75e12af90e3d97a1de68c
SHA256: b8c9a4161e9621de6e7fa177230bd3841a575a00f0456b54efab368046479722
SHA512: a11f351dd83dcb96485ae834085f28eb740b3295dbaa550acb717b0084a0a6cff9568a5084f7b690edea2c4f537ced85185d5735618bcebce993656f751cb751
SSDEEP: 12288:6p11OhPAWlfRexM/YUPH6NFusNkmXuQcKyHQu:6O5AWlfRAFNMSMQcKBu
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: U1su8hmVj4ourFo.exe; Resource: win7-20231023-en)
- Behavioral task: behavioral2 (Sample: U1su8hmVj4ourFo.exe; Resource: win10v2004-20231020-en)
Malware Config
Extracted family: snakekeylogger
Extracted URL: https://api.telegram.org/bot5764904494:AAFs_l-L1X-oXjUJWZbsXjBMAreHGetTJvw/sendMessage?chat_id=5582419717
Targets
Target: U1su8hmVj4ourFo.exe
Score: 10/10
Signatures:
- Detect ZGRat V1
- Snake Keylogger payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext