
General

  • Target

    NEW PO 20225181.xlsx

  • Size

    224KB

  • Sample

    220919-jzze5sfec6

  • MD5

    6826bbee258392a79f20091716a3fd15

  • SHA1

    94fb6fbc30e5957f6b237cdf99f7015dd2853331

  • SHA256

    f9e9464169205be40bda49d94c135db4dd6daec15eaaed39b0e3ad1afe497316

  • SHA512

    e912c44ea39108645c2ce1e9dabedd65b81e1f87f2adea216fd39603b5615a203d03ff37ed4ea35c1fd0f0e8cb3ed4ff43fd37411a36c209c653164a3979130d

  • SSDEEP

    6144:d2CK4NbWM2cOu9pJXNzblkX2MxcRrWDKtGG7:ECK4EM6upJRbym9R4U

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      NEW PO 20225181.xlsx

    • Size

      224KB

    • MD5

      6826bbee258392a79f20091716a3fd15

    • SHA1

      94fb6fbc30e5957f6b237cdf99f7015dd2853331

    • SHA256

      f9e9464169205be40bda49d94c135db4dd6daec15eaaed39b0e3ad1afe497316

    • SHA512

      e912c44ea39108645c2ce1e9dabedd65b81e1f87f2adea216fd39603b5615a203d03ff37ed4ea35c1fd0f0e8cb3ed4ff43fd37411a36c209c653164a3979130d

    • SSDEEP

      6144:d2CK4NbWM2cOu9pJXNzblkX2MxcRrWDKtGG7:ECK4EM6upJRbym9R4U

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks