
General

  • Target

    SOLICITUD DE OFERTA.exe

  • Size

    584KB

  • Sample

    220921-f91t6sfce4

  • MD5

    b054f014538d20144233d8f91bcf6707

  • SHA1

    4f4d602570d9dbdd7206f4161eaa8ee815049b07

  • SHA256

    bc24cb4f4f62067fa75d7dde37d2036b1c179c1554bfe66af8f3bb823fdce4de

  • SHA512

    a5740d9dac0a2fdb68d133ba61aba452bfcdc6138ed445f4bacd73cdb47050a4cc0f0f4d6d474fa9302bf080996de7a2466e111a36ce0d44a64f29c75028050e

  • SSDEEP

    12288:+UVN8v42n9NGRXE4G8GzLHpAavZN43Y3APQB:BY4ASm8yaavZN4I3AY

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      SOLICITUD DE OFERTA.exe

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Rewriting the register context of a thread in another process is characteristic of process hollowing and related injection techniques, in which a payload is written into a suspended process and its entry point redirected before the thread is resumed.
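The "Looks up external IP address via web service" behaviour above is a cheap network-side hunt once you know what to look for. The following is an added example, not part of the tria.ge report and not code from the sample or from Hatching: it runs a small detection over constructed proxy log lines and returns the internal clients that contacted a public IP-lookup service. The list of lookup hostnames and the log format are assumptions for the example; the report does not say which service this sample used.

```python
import re
from collections import namedtuple

# Public "what is my IP" services that commodity stealers are known to
# contact. This set is an assumption for the example; the report above does
# not name the service the sample queried.
IP_LOOKUP_HOSTS = {
    "checkip.dyndns.org",
    "api.ipify.org",
    "icanhazip.com",
    "ifconfig.me",
    "ip-api.com",
    "ipinfo.io",
}

# Constructed proxy log lines (not from the sandbox run):
# <timestamp> <client ip> <method> <url> <status>
SAMPLE_PROXY_LOG = """\
2022-09-21T05:21:07Z 10.0.0.15 GET http://checkip.dyndns.org/ 200
2022-09-21T05:21:09Z 10.0.0.15 GET https://www.microsoft.com/ 200
2022-09-21T05:21:12Z 10.0.0.23 GET http://api.ipify.org/?format=text 200
2022-09-21T05:21:15Z 10.0.0.15 POST https://mail.example.com/smtp 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)

Hit = namedtuple("Hit", "ts client host url")


def host_of(url):
    # Lower-cased hostname without scheme, port, path or query.
    m = re.match(r"^[a-z]+://([^/:?#]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def flag_ip_lookups(log_text, lookup_hosts=IP_LOOKUP_HOSTS):
    # Return one Hit per request whose host is (or is a subdomain of) a
    # known IP-lookup service. Malformed lines are skipped, not fatal.
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        host = host_of(m.group("url"))
        if host in lookup_hosts or any(host.endswith("." + h) for h in lookup_hosts):
            hits.append(Hit(m.group("ts"), m.group("client"), host, m.group("url")))
    return hits


def clients_with_lookups(log_text, lookup_hosts=IP_LOOKUP_HOSTS):
    # Internal hosts that performed an external-IP lookup; the pivot point
    # for endpoint telemetry (which process opened the connection).
    return sorted({h.client for h in flag_ip_lookups(log_text, lookup_hosts)})


if __name__ == "__main__":
    for hit in flag_ip_lookups(SAMPLE_PROXY_LOG):
        print(f"{hit.ts} {hit.client} -> {hit.host} ({hit.url})")
```

These services are also used by legitimate software, so a hit is a weak signal on its own; correlate the client with process-level telemetry (which binary made the request, and whether it was followed by SMTP or Telegram traffic, the usual exfiltration paths for this family) before treating it as an infection.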

MITRE ATT&CK Matrix

Tasks