General
Target: 1f7512f7a6bf838034fed029aa56e843
Size: 1.4MB
Sample: 231225-bjqt3ahbh3
MD5: 1f7512f7a6bf838034fed029aa56e843
SHA1: b308c124f8e3bf19807680f36bd0990ab5c9693a
SHA256: ee320b505f47ed1eaf6fd14b090b4a555e2c1b1cdba76a721c4d89598688ce1f
SHA512: 1ef1a4e684ed00e33b7c81a0be0a7d80c339deec8d1bae90c90fe0adbba5eaea68041e5f37d3859f84ca4fd75f33e61ae445bceb1b05fd023676a8c74bf2c6ce
SSDEEP: 12288:gz+7DBJg7Ef0CxVZmGNWR1/PL5RpBCDP6KsEEruB91pV+GS0r9Jj8Gx5IfVpeSQm:++XfcNTL0Qbp0nIsSEYf
Static task: static1
Behavioral task: behavioral1
  Sample: 1f7512f7a6bf838034fed029aa56e843.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 1f7512f7a6bf838034fed029aa56e843.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.sayimkalip.com
Port: 587
Username: [email protected]
Password: 3edcvfr4**
Email To: [email protected]
Telegram API URL: https://api.telegram.org/bot1483662500:AAGrMuxJV05-It-ke-xXVV6-R6IAtETpJb0/sendMessage?chat_id=1300181783
Targets
Target: 1f7512f7a6bf838034fed029aa56e843 (1.4MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
- Detect ZGRat V1
- Snake Keylogger payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext