General
-
Target
PARATRANSFARIREMINDER.001.rar
-
Size
475KB
-
Sample
241223-zqrlya1law
-
MD5
2f1101e6d01d3a6861637b17b967325b
-
SHA1
3adbe2dea4b2787ea1416a4fba17e41e061c3b33
-
SHA256
5eece6dc81b8320054c32fc9d20c2f39766f0c30985717e526510d65c8c1ce7c
-
SHA512
ca26e69c54910a337ffe50820902760a359c7b71b7ee2a5287d4f7e3a612b1dcf892644a5c67afd03484bf522754d8a926f816a16ac1ae24236a3b653ea0ecab
-
SSDEEP
12288:TjGF2jC3UQuRTGs60HswHKYBC2t7+gLfIQvDR3CPsKwOUlDIqi:TjVjjQOTGs605HKksWfIcCPCDIr
Static task
static1
Behavioral task
behavioral1
Sample
PARATRANSFARI REMINDER.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
PARATRANSFARI REMINDER.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7535953552:AAEceAC130pKqikyDX9W3q553FopjnWE5ro/sendMessage?chat_id=1981459653
Targets
-
-
Target
PARATRANSFARI REMINDER.exe
-
Size
959KB
-
MD5
7d142eb549dacdfc9c357f482d5bf921
-
SHA1
57ef6110732b2d91f90c785a3fbba4a0112cdc87
-
SHA256
36b641ba0f1f45fc6bb9c6fb4f74b2a07318b5f4a420d9fbe9b59e1ac2ce3bc4
-
SHA512
77d59910817caeaa0f8b10d46fb9cf849784d98550040fa6c97a65cbc5a13207f8e8c83edc60608ff5ffba61061704ca5ecfe8c7f01961ddd5dfc987994e26b1
-
SSDEEP
12288:yCdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBga1Tc4lB6e8X:yCdxte/80jYLT3U1jfsWahT76bzZJoQ
Score10/10-
Snake Keylogger payload
-
Snakekeylogger family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-