snakekeylogger | 99a8f6273aac765671301a598da93d087ac05db96ba3d90b8840c6028232ef53 | Triage

Submit
Reports

Overview

overview

Static

static

3

2d1f544d92...b2.exe

windows7-x64

2d1f544d92...b2.exe

windows10-2004-x64

Sharing

General

Target

2d1f544d92213574c8bc223be39f04b2
Size

451KB
Sample

231225-tykwgafcel
MD5

2d1f544d92213574c8bc223be39f04b2
SHA1

29ecf6bdf03e7016c97e19e2ee2ec784af4c7d2a
SHA256

99a8f6273aac765671301a598da93d087ac05db96ba3d90b8840c6028232ef53
SHA512

5cbec5530800e055d18f3e8695869b2f033d986206936afc36c79da38b005c5e87043a637bcbc26fca2b0440849d101cf4952ddab61529773a570fdc98ff0bb3
SSDEEP

6144:aSao4K/dUeonLTYuT/4K8ZO5NmgO7Mndwz1jVb/EcN7zXvwBWCz0pehSTXUZ737k:Ko47Bjb4PZO47D1BbRnXvURhh37k

Score

10^/10

snakekeylogger zgrat keylogger persistence rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2d1f544d92213574c8bc223be39f04b2.exe

Resource

win7-20231215-en

snakekeylogger zgrat keylogger persistence rat stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2d1f544d92213574c8bc223be39f04b2.exe

Resource

win10v2004-20231215-en

snakekeylogger zgrat keylogger persistence rat stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
netjul.xyz
Port:
587
Username:
[email protected]
Password:
T@sLtjd{RHV99
Email To:
[email protected]

Targets

- Target
  
  2d1f544d92213574c8bc223be39f04b2
- Size
  
  451KB
- MD5
  
  2d1f544d92213574c8bc223be39f04b2
- SHA1
  
  29ecf6bdf03e7016c97e19e2ee2ec784af4c7d2a
- SHA256
  
  99a8f6273aac765671301a598da93d087ac05db96ba3d90b8840c6028232ef53
- SHA512
  
  5cbec5530800e055d18f3e8695869b2f033d986206936afc36c79da38b005c5e87043a637bcbc26fca2b0440849d101cf4952ddab61529773a570fdc98ff0bb3
- SSDEEP
  
  6144:aSao4K/dUeonLTYuT/4K8ZO5NmgO7Mndwz1jVb/EcN7zXvwBWCz0pehSTXUZ737k:Ko47Bjb4PZO47D1BbRnXvURhh37k
Score

10^/10

snakekeylogger zgrat keylogger persistence rat stealer
- Detect ZGRat V1
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerzgratkeyloggerpersistenceratstealer

behavioral2

snakekeyloggerzgratkeyloggerpersistenceratstealer

© 2018-2024

Terms | Privacy