General
- Target: SIPARIS-290124.PDF.exe
- Size: 1.1MB
- Sample: 241024-lxwbtasana
- MD5: d4210ccbd1645f4b055035b206594685
- SHA1: 6e4b56c0b706d4521145fc729c211212523ddcea
- SHA256: 5f5a3703983e3f2a5831a406e4f7a5d04b7564124aa13209482af4d628745634
- SHA512: 86009b9f0a2c59bc1b093f83b9a77e149dd6509d1df5eb5cb9c8b312e558c787995afbbdcb5b2b3642ff5314ea919293727bb54eea2e61e481445ce12fefc204
- SSDEEP: 24576:kfmMv6Ckr7Mny5QNdyh31VtTsEBD74232KGV7Z:k3v+7/5QNdybng232KY
Static task: static1
Behavioral task: behavioral1
- Sample: SIPARIS-290124.PDF.exe
- Resource: win7-20241010-en
Behavioral task: behavioral2
- Sample: SIPARIS-290124.PDF.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- Family: snakekeylogger
- Telegram Bot API sendMessage endpoint (extracted from the sample): https://api.telegram.org/bot7754092182:AAFhYG1ixwJ3gbkMI8P9ofyeJ8nQ3W5NoAU/sendMessage?chat_id=6008123474
Targets
- Target: SIPARIS-290124.PDF.exe
- Size: 1.1MB
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext