snakekeylogger | 96007bdda9d12cf59fd2844843f62d3a86b85cb732ee76004e2f93ac38d8c8af | Triage

Submit
Reports

Overview

overview

Static

static

3

033464d806...1b.exe

windows7-x64

033464d806...1b.exe

windows10-2004-x64

Sharing

General

Target

033464d80692b6ffd9f6938d8dca921b
Size

806KB
Sample

231225-d23bxsaffj
MD5

033464d80692b6ffd9f6938d8dca921b
SHA1

5463c7b2e3928d029d9ef4e9ae834994b8650d13
SHA256

96007bdda9d12cf59fd2844843f62d3a86b85cb732ee76004e2f93ac38d8c8af
SHA512

3c439e201b019bf8a9965211abb10ededdae3c74559ce0fa6c476ddd09743aa280aca074be85d8a450be607fb4998fc1f39cffbd481bf0189bcdca5bddef0fd0
SSDEEP

3072:2lSqfUfx0swpErm4ymFvR1pKucd78GMupAuFP27hIbf1sPzUgIAzI9+mCz7C3BfU:NqAxspJ45j+uZXu9EIBsYg1Cg

Score

10^/10

snakekeylogger zgrat keylogger rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

033464d80692b6ffd9f6938d8dca921b.exe

Resource

win7-20231215-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

033464d80692b6ffd9f6938d8dca921b.exe

Resource

win10v2004-20231215-en

snakekeylogger zgrat keylogger rat stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot1880141509:AAHjseWsCVnzygKB72YGbdj6S0DpdeKfGSs/sendMessage?chat_id=565072597

Targets

- Target
  
  033464d80692b6ffd9f6938d8dca921b
- Size
  
  806KB
- MD5
  
  033464d80692b6ffd9f6938d8dca921b
- SHA1
  
  5463c7b2e3928d029d9ef4e9ae834994b8650d13
- SHA256
  
  96007bdda9d12cf59fd2844843f62d3a86b85cb732ee76004e2f93ac38d8c8af
- SHA512
  
  3c439e201b019bf8a9965211abb10ededdae3c74559ce0fa6c476ddd09743aa280aca074be85d8a450be607fb4998fc1f39cffbd481bf0189bcdca5bddef0fd0
- SSDEEP
  
  3072:2lSqfUfx0swpErm4ymFvR1pKucd78GMupAuFP27hIbf1sPzUgIAzI9+mCz7C3BfU:NqAxspJ45j+uZXu9EIBsYg1Cg
Score

10^/10

zgrat rat snakekeylogger keylogger stealer
- Detect ZGRat V1
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

snakekeyloggerzgratkeyloggerratstealer

© 2018-2024

Terms | Privacy