General

  • Target

    PARATRANSFARIREMINDER.001.rar

  • Size

    475KB

  • Sample

    241223-zqrlya1law

  • MD5

    2f1101e6d01d3a6861637b17b967325b

  • SHA1

    3adbe2dea4b2787ea1416a4fba17e41e061c3b33

  • SHA256

    5eece6dc81b8320054c32fc9d20c2f39766f0c30985717e526510d65c8c1ce7c

  • SHA512

    ca26e69c54910a337ffe50820902760a359c7b71b7ee2a5287d4f7e3a612b1dcf892644a5c67afd03484bf522754d8a926f816a16ac1ae24236a3b653ea0ecab

  • SSDEEP

    12288:TjGF2jC3UQuRTGs60HswHKYBC2t7+gLfIQvDR3CPsKwOUlDIqi:TjVjjQOTGs605HKksWfIcCPCDIr

Malware Config

Extracted

  • Family

    snakekeylogger

  • C2

    https://api.telegram.org/bot7535953552:AAEceAC130pKqikyDX9W3q553FopjnWE5ro/sendMessage?chat_id=1981459653

Targets

    • Target

      PARATRANSFARI REMINDER.exe

    • Size

      959KB

    • MD5

      7d142eb549dacdfc9c357f482d5bf921

    • SHA1

      57ef6110732b2d91f90c785a3fbba4a0112cdc87

    • SHA256

      36b641ba0f1f45fc6bb9c6fb4f74b2a07318b5f4a420d9fbe9b59e1ac2ce3bc4

    • SHA512

      77d59910817caeaa0f8b10d46fb9cf849784d98550040fa6c97a65cbc5a13207f8e8c83edc60608ff5ffba61061704ca5ecfe8c7f01961ddd5dfc987994e26b1

    • SSDEEP

      12288:yCdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBga1Tc4lB6e8X:yCdxte/80jYLT3U1jfsWahT76bzZJoQ

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks