General
Target: 033464d80692b6ffd9f6938d8dca921b
Size: 806KB
Sample: 231225-d23bxsaffj
MD5: 033464d80692b6ffd9f6938d8dca921b
SHA1: 5463c7b2e3928d029d9ef4e9ae834994b8650d13
SHA256: 96007bdda9d12cf59fd2844843f62d3a86b85cb732ee76004e2f93ac38d8c8af
SHA512: 3c439e201b019bf8a9965211abb10ededdae3c74559ce0fa6c476ddd09743aa280aca074be85d8a450be607fb4998fc1f39cffbd481bf0189bcdca5bddef0fd0
SSDEEP: 3072:2lSqfUfx0swpErm4ymFvR1pKucd78GMupAuFP27hIbf1sPzUgIAzI9+mCz7C3BfU:NqAxspJ45j+uZXu9EIBsYg1Cg
Static task: static1
Behavioral task: behavioral1
  Sample: 033464d80692b6ffd9f6938d8dca921b.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 033464d80692b6ffd9f6938d8dca921b.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted family: snakekeylogger
Exfiltration endpoint (Telegram Bot API sendMessage, bot token and destination chat_id embedded in the URL):
https://api.telegram.org/bot1880141509:AAHjseWsCVnzygKB72YGbdj6S0DpdeKfGSs/sendMessage?chat_id=565072597
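The extracted config is the complete exfiltration path: a Telegram bot token in the URL path and the operator's chat_id in the query string. The following is an added example, not tooling from the sandbox report or code from the malware. It parses a Telegram Bot API URL of this shape into its components, turns them into indicators, and matches them against a few constructed HTTP telemetry lines (the log lines, the second bot token in them, and the `checkip.example` host are all made up for illustration). Only the URL itself comes from the report.

```python
"""Extract indicators from the Telegram C2 URL recovered from the sample.

Added example for this report; not tooling from the sandbox or from the
Snake Keylogger authors. C2_URL is the one in the extracted config; the
telemetry lines are constructed for illustration.
"""
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

TELEGRAM_API_HOST = "api.telegram.org"

# Path segment shape: "bot<numeric bot id>:<secret>". Tokens seen in the wild
# are digits, a colon, then about 35 URL-safe characters; the length bound here
# is deliberately loose (assumption, not a documented guarantee).
_TOKEN_SEGMENT = re.compile(r"^bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{20,})$")

# URL from the extracted config in this report.
C2_URL = ("https://api.telegram.org/bot1880141509:AAHjseWsCVnzygKB72YGbdj6S0DpdeKfGSs"
          "/sendMessage?chat_id=565072597")


@dataclass(frozen=True)
class TelegramC2:
    bot_id: str
    secret: str
    method: str    # Bot API method, e.g. "sendMessage"
    chat_id: str   # destination chat; effectively the operator's inbox

    @property
    def token(self) -> str:
        return f"{self.bot_id}:{self.secret}"


def parse_telegram_c2(url: str) -> TelegramC2:
    """Parse a Telegram Bot API URL, rejecting anything that is not
    https://api.telegram.org/bot<token>/<method>?chat_id=<n>."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != TELEGRAM_API_HOST:
        raise ValueError(f"not a Telegram Bot API URL: {url}")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 2:
        raise ValueError(f"unexpected path layout: {parts.path}")
    m = _TOKEN_SEGMENT.match(segments[0])
    if m is None:
        raise ValueError(f"no bot token in path: {segments[0]}")
    chat_ids = parse_qs(parts.query).get("chat_id", [])
    if len(chat_ids) != 1 or not re.fullmatch(r"-?\d+", chat_ids[0]):
        raise ValueError(f"missing or malformed chat_id in: {parts.query}")
    return TelegramC2(bot_id=m["bot_id"], secret=m["secret"],
                      method=segments[1], chat_id=chat_ids[0])


def indicators(c2: TelegramC2) -> dict:
    """Indicators worth sharing. The bare host is not one: api.telegram.org
    carries plenty of legitimate traffic, so the token path prefix is the
    high-fidelity value."""
    return {
        "telegram_bot_id": c2.bot_id,
        "telegram_bot_token": c2.token,
        "telegram_chat_id": c2.chat_id,
        "url_prefix": f"https://{TELEGRAM_API_HOST}/bot{c2.token}/",
    }


def find_c2_hits(log_lines, c2: TelegramC2):
    """Return telemetry lines whose request path carries this bot's token.
    Matching on the host alone would also flag benign Telegram bot use."""
    needle = f"/bot{c2.token}/"
    return [line for line in log_lines if needle in line]


# Constructed telemetry excerpt (not from the report), as a TLS-inspecting
# proxy or endpoint HTTP sensor might record it: one benign bot request with a
# made-up token, one request from the sample, one unrelated request.
SAMPLE_TELEMETRY = [
    "10.0.0.7 POST https://api.telegram.org/bot555:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/getMe",
    "10.0.0.23 GET https://api.telegram.org"
    "/bot1880141509:AAHjseWsCVnzygKB72YGbdj6S0DpdeKfGSs/sendMessage?chat_id=565072597",
    "10.0.0.23 GET http://checkip.example/ 200",
]

if __name__ == "__main__":
    c2 = parse_telegram_c2(C2_URL)
    for key, value in indicators(c2).items():
        print(f"{key}: {value}")
    for hit in find_c2_hits(SAMPLE_TELEMETRY, c2):
        print("hit:", hit)
```

The token authenticates the bot, so a request path starting with `/bot<token>/` ties a host to this specific campaign; api.telegram.org on its own does not, and blocking it outright breaks legitimate use.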
Targets
Target: 033464d80692b6ffd9f6938d8dca921b
Size: 806KB
MD5: 033464d80692b6ffd9f6938d8dca921b
SHA1: 5463c7b2e3928d029d9ef4e9ae834994b8650d13
SHA256: 96007bdda9d12cf59fd2844843f62d3a86b85cb732ee76004e2f93ac38d8c8af
SHA512: 3c439e201b019bf8a9965211abb10ededdae3c74559ce0fa6c476ddd09743aa280aca074be85d8a450be607fb4998fc1f39cffbd481bf0189bcdca5bddef0fd0
SSDEEP: 3072:2lSqfUfx0swpErm4ymFvR1pKucd78GMupAuFP27hIbf1sPzUgIAzI9+mCz7C3BfU:NqAxspJ45j+uZXu9EIBsYg1Cg
Score: 10/10
Signatures
- Detect ZGRat V1
- Snake Keylogger payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext