snakekeylogger | c6d2dd201807bd449e2d0f6fcbf31e89bb35d7809a492960b2c7b84129f60e6f | Triage

Submit
Reports

Overview

overview

Static

static

3

fe8a44e722...18.exe

windows7-x64

fe8a44e722...18.exe

windows10-2004-x64

Sharing

General

Target

fe8a44e7223bfebf50d2893845a70146_JaffaCakes118
Size

387KB
Sample

240421-f5a3yscf3z
MD5

fe8a44e7223bfebf50d2893845a70146
SHA1

0d001ba7d94d84e1554b57da5dada6e059dbeac1
SHA256

c6d2dd201807bd449e2d0f6fcbf31e89bb35d7809a492960b2c7b84129f60e6f
SHA512

5e928b908bd79ba40ca05d555a3bd4751d280727ef6a33ac877df378c5e6d561f98aa141b27edf2fe57cfa42d6c58e41d058d62b037a42d987d8376fb14b77d0
SSDEEP

6144:26rmM8xtvJ/xaJ6Mj/LP1OotM+B0cwhIs1/51aJPrD7ovV:27jFxi6MbxO4MzlAD7UV

Score

10^/10

snakekeylogger zgrat keylogger rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fe8a44e7223bfebf50d2893845a70146_JaffaCakes118.exe

Resource

win7-20240221-en

snakekeylogger zgrat keylogger rat stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

fe8a44e7223bfebf50d2893845a70146_JaffaCakes118.exe

Resource

win10v2004-20240412-en

snakekeylogger zgrat keylogger rat stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.ccmainoffice.com
Port:
587
Username:
ccs@ccmainoffice.com
Password:
GR{I#+9{z4k6
Email To:
bpnorsernarine@gmail.com

Targets

- Target
  
  fe8a44e7223bfebf50d2893845a70146_JaffaCakes118
- Size
  
  387KB
- MD5
  
  fe8a44e7223bfebf50d2893845a70146
- SHA1
  
  0d001ba7d94d84e1554b57da5dada6e059dbeac1
- SHA256
  
  c6d2dd201807bd449e2d0f6fcbf31e89bb35d7809a492960b2c7b84129f60e6f
- SHA512
  
  5e928b908bd79ba40ca05d555a3bd4751d280727ef6a33ac877df378c5e6d561f98aa141b27edf2fe57cfa42d6c58e41d058d62b037a42d987d8376fb14b77d0
- SSDEEP
  
  6144:26rmM8xtvJ/xaJ6Mj/LP1OotM+B0cwhIs1/51aJPrD7ovV:27jFxi6MbxO4MzlAD7UV
Score

10^/10

snakekeylogger zgrat keylogger rat stealer
- Detect ZGRat V1
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerzgratkeyloggerratstealer

behavioral2

snakekeyloggerzgratkeyloggerratstealer

© 2018-2024

Terms | Privacy