General

  • Target

    7c3505fdb0dfd99c7d263b56e97e40d4

  • Size

    541KB

  • Sample

    240128-fjvv8sdeen

  • MD5

    7c3505fdb0dfd99c7d263b56e97e40d4

  • SHA1

    bdf96e1d18447edd8e79a6c684bd9e5774fa0058

  • SHA256

    541d53ec290dfc6f72f5826760baefbafb77ff086fde272c836931124c926c31

  • SHA512

    0fdc69d1840948481437f66a491c4dfe132b67879da70cd6b082d93524aede88238d5da414a34bd68eb69a1e62f06f9b28f10c7a43228a511de6e0e96aa37b10

  • SSDEEP

    12288:TLRq+k9UYjjYsII9RyaQFJoU56r7o99uhzHx0gS0dVWMAdVEWh4TX7:0ZftmZSC4W5K

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Detect ZGRat V1

    • Snake Keylogger

      A keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks