Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/o...

windows10-ltsc 2021-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://github.com/orangegrouptech/Biohazards-from-orangegrouptech/raw/refs/heads/master/Ransomware/Snakeransom/snakeransom.exe

  • Sample

    241228-eg9e6swkfn

Score
10/10
zebrocybackdoordiscoverypersistencespywarestealertrojan

Malware Config

Targets

    • Target

      https://github.com/orangegrouptech/Biohazards-from-orangegrouptech/raw/refs/heads/master/Ransomware/Snakeransom/snakeransom.exe

    Score
    10/10
    zebrocybackdoordiscoverypersistencespywarestealertrojan

    • Zebrocy

      Zebrocy is a backdoor created by Sofacy threat group and has multiple variants developed in different languages.

      trojanbackdoorzebrocy

    • Zebrocy Go Variant

    • Zebrocy family

      zebrocy

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks