General

  • Target

    SIPARIS-290124.PDF.exe

  • Size

    1.1MB

  • Sample

    241024-lxwbtasana

  • MD5

    d4210ccbd1645f4b055035b206594685

  • SHA1

    6e4b56c0b706d4521145fc729c211212523ddcea

  • SHA256

    5f5a3703983e3f2a5831a406e4f7a5d04b7564124aa13209482af4d628745634

  • SHA512

    86009b9f0a2c59bc1b093f83b9a77e149dd6509d1df5eb5cb9c8b312e558c787995afbbdcb5b2b3642ff5314ea919293727bb54eea2e61e481445ce12fefc204

  • SSDEEP

    24576:kfmMv6Ckr7Mny5QNdyh31VtTsEBD74232KGV7Z:k3v+7/5QNdybng232KY

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7754092182:AAFhYG1ixwJ3gbkMI8P9ofyeJ8nQ3W5NoAU/sendMessage?chat_id=6008123474

Targets

    • Target

      SIPARIS-290124.PDF.exe

    • Size

      1.1MB

    • MD5

      d4210ccbd1645f4b055035b206594685

    • SHA1

      6e4b56c0b706d4521145fc729c211212523ddcea

    • SHA256

      5f5a3703983e3f2a5831a406e4f7a5d04b7564124aa13209482af4d628745634

    • SHA512

      86009b9f0a2c59bc1b093f83b9a77e149dd6509d1df5eb5cb9c8b312e558c787995afbbdcb5b2b3642ff5314ea919293727bb54eea2e61e481445ce12fefc204

    • SSDEEP

      24576:kfmMv6Ckr7Mny5QNdyh31VtTsEBD74232KGV7Z:k3v+7/5QNdybng232KY

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks