snakekeylogger | e4f0202ed5502ab39c6e8a524e622710a44c0cb4774864168cfbdb50acdfc7e0 | Triage

Submit
Reports

Overview

overview

Static

static

3

e811b938aa...18.exe

windows7-x64

e811b938aa...18.exe

windows10-2004-x64

Sharing

General

Target

e811b938aa862c56cb9c74ff75b1cd1c_JaffaCakes118
Size

524KB
Sample

240408-whsmgsfd38
MD5

e811b938aa862c56cb9c74ff75b1cd1c
SHA1

cf0f39183c879876a3c432fa3f2f61ace9f4e92d
SHA256

e4f0202ed5502ab39c6e8a524e622710a44c0cb4774864168cfbdb50acdfc7e0
SHA512

8b87387f4e00d94c12d3f328f03283512d8dc85696719ea63694c312d14c8da4f067a14b85c38b630e9e5775e0d4d88d9c1a231422fe19e745edc169f5657808
SSDEEP

12288:oRzX6hpWNDsrc8sga90a+MQ67KeM0dI7CGttinQtRI1BRXu4Pd:oFSQsrE99e

Score

10^/10

snakekeylogger zgrat keylogger rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e811b938aa862c56cb9c74ff75b1cd1c_JaffaCakes118.exe

Resource

win7-20240221-en

snakekeylogger zgrat keylogger rat stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

e811b938aa862c56cb9c74ff75b1cd1c_JaffaCakes118.exe

Resource

win10v2004-20240226-en

snakekeylogger zgrat keylogger rat stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot1869381239:AAHBvxvMGCld7ba_XOftDtH1sFpxJJa1PMM/sendMessage?chat_id=1753229729

Targets

- Target
  
  e811b938aa862c56cb9c74ff75b1cd1c_JaffaCakes118
- Size
  
  524KB
- MD5
  
  e811b938aa862c56cb9c74ff75b1cd1c
- SHA1
  
  cf0f39183c879876a3c432fa3f2f61ace9f4e92d
- SHA256
  
  e4f0202ed5502ab39c6e8a524e622710a44c0cb4774864168cfbdb50acdfc7e0
- SHA512
  
  8b87387f4e00d94c12d3f328f03283512d8dc85696719ea63694c312d14c8da4f067a14b85c38b630e9e5775e0d4d88d9c1a231422fe19e745edc169f5657808
- SSDEEP
  
  12288:oRzX6hpWNDsrc8sga90a+MQ67KeM0dI7CGttinQtRI1BRXu4Pd:oFSQsrE99e
Score

10^/10

snakekeylogger zgrat keylogger rat stealer
- Detect ZGRat V1
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerzgratkeyloggerratstealer

behavioral2

snakekeyloggerzgratkeyloggerratstealer

© 2018-2024

Terms | Privacy