snakekeylogger | 4f54be824a67f26e4efd110706d90d95989e2aabc10584a1c5dff911dd653d03 | Triage

Submit
Reports

Overview

overview

Static

static

3

063f5ca54c...3f.exe

windows7-x64

063f5ca54c...3f.exe

windows10-2004-x64

Sharing

General

Target

063f5ca54ca7abd4d74a16b9bfa7083f
Size

468KB
Sample

231225-fh28xsagap
MD5

063f5ca54ca7abd4d74a16b9bfa7083f
SHA1

75043ba263fdcbc5581eae2b8de080776a8f0058
SHA256

4f54be824a67f26e4efd110706d90d95989e2aabc10584a1c5dff911dd653d03
SHA512

ce667cf8ef3a90a935382d292d7810e74da343a70497d21d7041d8a90308f8ff2e611ea37c68353b0749f2b36e4feb6a7e3097ce48e3e689d00360fe51c5197a
SSDEEP

12288:O3Na9imfQu7Lv2mUHQ7fJa4ofNNUckb7/:O3NUimfhSc7fPLcc/

Score

10^/10

snakekeylogger zgrat keylogger persistence rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

063f5ca54ca7abd4d74a16b9bfa7083f.exe

Resource

win7-20231215-en

snakekeylogger zgrat keylogger persistence rat stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

063f5ca54ca7abd4d74a16b9bfa7083f.exe

Resource

win10v2004-20231215-en

snakekeylogger zgrat keylogger persistence rat stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
netjul.shop
Port:
587
Username:
[email protected]
Password:
83{2L@#$IXq!!
Email To:
[email protected]

Targets

- Target
  
  063f5ca54ca7abd4d74a16b9bfa7083f
- Size
  
  468KB
- MD5
  
  063f5ca54ca7abd4d74a16b9bfa7083f
- SHA1
  
  75043ba263fdcbc5581eae2b8de080776a8f0058
- SHA256
  
  4f54be824a67f26e4efd110706d90d95989e2aabc10584a1c5dff911dd653d03
- SHA512
  
  ce667cf8ef3a90a935382d292d7810e74da343a70497d21d7041d8a90308f8ff2e611ea37c68353b0749f2b36e4feb6a7e3097ce48e3e689d00360fe51c5197a
- SSDEEP
  
  12288:O3Na9imfQu7Lv2mUHQ7fJa4ofNNUckb7/:O3NUimfhSc7fPLcc/
Score

10^/10

snakekeylogger zgrat keylogger persistence rat stealer
- Detect ZGRat V1
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerzgratkeyloggerpersistenceratstealer

behavioral2

snakekeyloggerzgratkeyloggerpersistenceratstealer

© 2018-2024

Terms | Privacy