General
-
Target
08823197d8b40df8b8926f8e7720d84d
-
Size
499KB
-
Sample
231225-ga87yahch3
-
MD5
08823197d8b40df8b8926f8e7720d84d
-
SHA1
1bb7458dff5b33c00baccee1f1f3b592c514e75b
-
SHA256
54c07a8dbda4527039a17994432efc6ad9e56d0c305694d33f60f1ce7c26b507
-
SHA512
268121dc717f233ecf59bb00caa664003aeede4e841cc8583fa3d5343b6340bd439c7d8ea1eb3467612e830bdcf3e0953f2d807a05091cee0574526de045263a
-
SSDEEP
12288:2cneg7Mx3GAOly3wObHGBuFlwmHUOSKcUcF5:kIe2AOswObmY0FpF
Static task
static1
Behavioral task
behavioral1
Sample
08823197d8b40df8b8926f8e7720d84d.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
08823197d8b40df8b8926f8e7720d84d.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
netjul.shop - Port:
587 - Username:
[email protected] - Password:
uyJ^N,k+FfUN - Email To:
[email protected]
Targets
-
-
Target
08823197d8b40df8b8926f8e7720d84d
-
Size
499KB
-
MD5
08823197d8b40df8b8926f8e7720d84d
-
SHA1
1bb7458dff5b33c00baccee1f1f3b592c514e75b
-
SHA256
54c07a8dbda4527039a17994432efc6ad9e56d0c305694d33f60f1ce7c26b507
-
SHA512
268121dc717f233ecf59bb00caa664003aeede4e841cc8583fa3d5343b6340bd439c7d8ea1eb3467612e830bdcf3e0953f2d807a05091cee0574526de045263a
-
SSDEEP
12288:2cneg7Mx3GAOly3wObHGBuFlwmHUOSKcUcF5:kIe2AOswObmY0FpF
-
Detect ZGRat V1
-
Snake Keylogger payload
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-