General
- Target: 063f5ca54ca7abd4d74a16b9bfa7083f
- Size: 468KB
- Sample: 231225-fh28xsagap
- MD5: 063f5ca54ca7abd4d74a16b9bfa7083f
- SHA1: 75043ba263fdcbc5581eae2b8de080776a8f0058
- SHA256: 4f54be824a67f26e4efd110706d90d95989e2aabc10584a1c5dff911dd653d03
- SHA512: ce667cf8ef3a90a935382d292d7810e74da343a70497d21d7041d8a90308f8ff2e611ea37c68353b0749f2b36e4feb6a7e3097ce48e3e689d00360fe51c5197a
- SSDEEP: 12288:O3Na9imfQu7Lv2mUHQ7fJa4ofNNUckb7/:O3NUimfhSc7fPLcc/
Static task: static1
Behavioral task: behavioral1
- Sample: 063f5ca54ca7abd4d74a16b9bfa7083f.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 063f5ca54ca7abd4d74a16b9bfa7083f.exe
- Resource: win10v2004-20231215-en
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: netjul.shop
- Port: 587
- Username: [email protected]
- Password: 83{2L@#$IXq!!
- Email To: [email protected]
Targets
- Target: 063f5ca54ca7abd4d74a16b9bfa7083f
- Detect ZGRat V1
- Snake Keylogger payload
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext