snakekeylogger | 4904eb9d14caf0d27edb86f213ad699037d774bedf0eab61938dcbc739b6ffc0 | Triage

Submit
Reports

Overview

overview

Static

static

3

f6c3a90292...18.exe

windows7-x64

f6c3a90292...18.exe

windows10-2004-x64

Sharing

General

Target

f6c3a902929c045050ef8c4de8233803_JaffaCakes118
Size

410KB
Sample

240417-21gktsaa7x
MD5

f6c3a902929c045050ef8c4de8233803
SHA1

b826f62738f8ead89624230e1c4fce581170588e
SHA256

4904eb9d14caf0d27edb86f213ad699037d774bedf0eab61938dcbc739b6ffc0
SHA512

03ca9c01ace72f9223083de47b781d6eb2b28b1a3d8a24b2f261c6c0631fe465547f3a7f6b81064667f97977999c28818822a7d8e047d6a24946d5ed8307244b
SSDEEP

12288:JGqxEFVzMF9tsoS8dZHJ2bDuIqRHs+tfbcQ4:JGq2a9tsZ8diwRH4

Score

10^/10

snakekeylogger zgrat keylogger rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f6c3a902929c045050ef8c4de8233803_JaffaCakes118.exe

Resource

win7-20240215-en

snakekeylogger zgrat keylogger rat stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

f6c3a902929c045050ef8c4de8233803_JaffaCakes118.exe

Resource

win10v2004-20240412-en

snakekeylogger zgrat keylogger rat stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
smtp.yandex.ru
Port:
587
Username:
parvin.artin@yandex.com
Password:
4U9IF}6&=X
Email To:
parvin.artin@yandex.com

Targets

- Target
  
  f6c3a902929c045050ef8c4de8233803_JaffaCakes118
- Size
  
  410KB
- MD5
  
  f6c3a902929c045050ef8c4de8233803
- SHA1
  
  b826f62738f8ead89624230e1c4fce581170588e
- SHA256
  
  4904eb9d14caf0d27edb86f213ad699037d774bedf0eab61938dcbc739b6ffc0
- SHA512
  
  03ca9c01ace72f9223083de47b781d6eb2b28b1a3d8a24b2f261c6c0631fe465547f3a7f6b81064667f97977999c28818822a7d8e047d6a24946d5ed8307244b
- SSDEEP
  
  12288:JGqxEFVzMF9tsoS8dZHJ2bDuIqRHs+tfbcQ4:JGq2a9tsZ8diwRH4
Score

10^/10

snakekeylogger zgrat keylogger rat stealer
- Detect ZGRat V1
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerzgratkeyloggerratstealer

behavioral2

snakekeyloggerzgratkeyloggerratstealer

© 2018-2024

Terms | Privacy