
General

  • Target

    NEW_PO#2220000004.exe

  • Size

    1.3MB

  • Sample

    220927-jmjh6achc9

  • MD5

    b1416169a5d9b7deb7e4a131c31c5dc2

  • SHA1

    0c799fbff28138911aec438815601ab372ee4f28

  • SHA256

    a4642bf9cbd641619645c6f4761ef8037b3844e948f588c8bd58e32eed70fb14

  • SHA512

    d71822e649f3232732fb315d65dbfff4b96474f0e34eff4ed2a9c4dd5866164360b79b9afeee13cdac000e23f6d83045e874ebbdee5a85eb1405d03497a34813

  • SSDEEP

    24576:+q8Go19UYpeaJFnrYyaXq/M1ZN916R3lN:+qsUCFnNa6QLnQ

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5310184099:AAGxqu0IL8tjOF6Eq6x2u0gfcHhvuxRwfLU/sendMessage?chat_id=5350445922
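The extracted C2 is a Telegram Bot API endpoint: the path carries the bot token (numeric bot id, a colon, then the secret) and the query string carries the destination chat. Both parts are useful IOCs on their own. The following is an added example, not code from tria.ge or from the sample: it parses the reported URL into those fields and then scans proxy log lines for Telegram Bot API calls, marking a line as confirmed when it uses this sample's token and as suspicious for any other bot. The log lines and their format are constructed for illustration.

```python
"""Parse the Telegram Bot API C2 URL and hunt for it in proxy logs.

Added example, not code from the tria.ge report. The log lines are
constructed for illustration; the bot token and chat_id are those the
report extracted from the sample's configuration.
"""
import re
from urllib.parse import parse_qs, urlsplit

# IOC as listed under Malware Config.
C2_URL = ("https://api.telegram.org/bot5310184099:AAGxqu0IL8tjOF6Eq6x2u0gfcHhvuxRwfLU"
          "/sendMessage?chat_id=5350445922")

# Bot API URLs look like https://api.telegram.org/bot<token>/<method>, where the
# token is "<numeric bot id>:<secret>". The bot id alone is enough to pivot on.
BOT_PATH_RE = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)$")


def parse_telegram_c2(url: str) -> dict:
    """Split a Telegram Bot API URL into bot id, full token, method and chat_id.

    Raises ValueError for anything that is not a Bot API call.
    """
    parts = urlsplit(url)
    match = BOT_PATH_RE.match(parts.path)
    if parts.hostname != "api.telegram.org" or match is None:
        raise ValueError("not a Telegram Bot API URL")
    query = parse_qs(parts.query)
    return {
        "bot_id": match["bot_id"],
        "token": f"{match['bot_id']}:{match['secret']}",
        "method": match["method"],
        "chat_id": query.get("chat_id", [None])[0],
    }


def find_telegram_exfil(log_lines, known_token: str) -> list:
    """Flag proxy log lines that hit the Telegram Bot API.

    Assumed (constructed) log format: "<timestamp> <client_ip> <verb> <url> <status>".
    A line using the known token is a confirmed match for this sample; any other
    Bot API call from an endpoint is still worth a look, since the Bot API is a
    common exfiltration channel for commodity stealers.
    """
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 5:
            continue
        timestamp, client_ip, _verb, url, _status = fields[:5]
        try:
            info = parse_telegram_c2(url)
        except ValueError:
            continue
        hits.append({
            "timestamp": timestamp,
            "client_ip": client_ip,
            "bot_id": info["bot_id"],
            "chat_id": info["chat_id"],
            "method": info["method"],
            "confidence": "confirmed" if info["token"] == known_token else "suspicious",
        })
    return hits


# Constructed sample log: one beacon with the reported token, one benign request,
# one Bot API upload from a different (made-up) bot.
SAMPLE_LOG = [
    "2022-09-27T09:41:03Z 10.0.0.15 POST " + C2_URL + " 200",
    "2022-09-27T09:41:05Z 10.0.0.15 GET https://www.example.com/index.html 200",
    "2022-09-27T09:42:11Z 10.0.0.22 POST https://api.telegram.org/bot1234567890:AAExampleToken_xyz/sendDocument 200",
]

if __name__ == "__main__":
    ioc = parse_telegram_c2(C2_URL)
    print(f"bot id {ioc['bot_id']}, chat_id {ioc['chat_id']}, method {ioc['method']}")
    for hit in find_telegram_exfil(SAMPLE_LOG, ioc["token"]):
        print(hit["confidence"], hit["timestamp"], hit["client_ip"], hit["bot_id"], hit["chat_id"])
```

Matching on the bot id rather than the full URL is deliberate: the same bot can be driven with other methods (sendDocument for file uploads) and other chat_ids, and operators rotate those more readily than the token.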

Targets

    • Target

      NEW_PO#2220000004.exe

    • Size

      1.3MB

    • MD5

      b1416169a5d9b7deb7e4a131c31c5dc2

    • SHA1

      0c799fbff28138911aec438815601ab372ee4f28

    • SHA256

      a4642bf9cbd641619645c6f4761ef8037b3844e948f588c8bd58e32eed70fb14

    • SHA512

      d71822e649f3232732fb315d65dbfff4b96474f0e34eff4ed2a9c4dd5866164360b79b9afeee13cdac000e23f6d83045e874ebbdee5a85eb1405d03497a34813

    • SSDEEP

      24576:+q8Go19UYpeaJFnrYyaXq/M1ZN916R3lN:+qsUCFnNa6QLnQ

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
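The behaviours above are what tria.ge's signatures fire on; on a live host the same pattern can be recovered from file, registry and DNS telemetry. The following is an added example, not tria.ge's signature code and not taken from the sample: it maps constructed Sysmon-style events onto the signature names listed above and then applies the combination test that separates a stealer from a legitimate application touching its own data. The paths and hostnames in the rules are the well-known storage locations of FileZilla, Chrome, Firefox, Thunderbird and Outlook and a few public IP-lookup services, chosen as assumptions for illustration rather than observed from this sample.

```python
"""Map host telemetry onto the infostealer behaviours listed in the report.

Added example, not code from tria.ge or the report. The events below are
constructed Sysmon-style file, registry and DNS records; the paths and
hostnames in the rules are the usual storage locations and IP-lookup services
that commodity stealers target, not values taken from this sample.
"""
import re
from collections import defaultdict

# (signature name, event type, regex over the lowercased target). Office version
# numbers and browser profile names vary, hence the loose patterns.
RULES = [
    ("Reads data files stored by FTP clients", "file",
     re.compile(r"\\filezilla\\(sitemanager|recentservers)\.xml$")),
    ("Reads user/profile data of web browsers", "file",
     re.compile(r"\\(google\\chrome|mozilla\\firefox|microsoft\\edge)\\.*"
                r"\\(login data|logins\.json|key4\.db|cookies)$")),
    ("Reads user/profile data of local email clients", "file",
     re.compile(r"\\thunderbird\\profiles\\")),
    ("Accesses Microsoft Outlook profiles", "registry",
     re.compile(r"\\software\\microsoft\\office\\\d+\.\d+\\outlook\\profiles")),
    ("Looks up external IP address via web service", "dns",
     re.compile(r"^(checkip\.dyndns\.org|api\.ipify\.org|icanhazip\.com)$")),
]

# The credential-store reads; several of them plus an external IP lookup is the
# stealer profile, whereas a single one is often an application reading its own data.
CREDENTIAL_STORE_SIGS = {name for name, _, _ in RULES if name.startswith(("Reads", "Accesses"))}
IP_LOOKUP_SIG = "Looks up external IP address via web service"


def match_signatures(events):
    """Return {process: sorted signature names} for the supplied events."""
    hits = defaultdict(set)
    for event in events:
        target = event["target"].lower()
        for name, kind, pattern in RULES:
            if event["type"] == kind and pattern.search(target):
                hits[event["process"]].add(name)
    return {proc: sorted(sigs) for proc, sigs in hits.items()}


def looks_like_infostealer(signatures) -> bool:
    """True when a process touches at least two credential stores and looks up its external IP."""
    return len(CREDENTIAL_STORE_SIGS & set(signatures)) >= 2 and IP_LOOKUP_SIG in signatures


# Constructed events: the sample sweeping credential stores, plus two benign
# processes, one of which (Firefox) legitimately reads a browser credential file.
SAMPLE = "NEW_PO#2220000004.exe"
EVENTS = [
    {"process": SAMPLE, "type": "file",
     "target": r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"process": SAMPLE, "type": "file",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"process": SAMPLE, "type": "file",
     "target": r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abcd1234.default\logins.json"},
    {"process": SAMPLE, "type": "registry",
     "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"process": SAMPLE, "type": "dns", "target": "checkip.dyndns.org"},
    {"process": "explorer.exe", "type": "file",
     "target": r"C:\Users\victim\Documents\report.docx"},
    {"process": "firefox.exe", "type": "file",
     "target": r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\logins.json"},
]

if __name__ == "__main__":
    for process, signatures in match_signatures(EVENTS).items():
        verdict = "INFOSTEALER" if looks_like_infostealer(signatures) else "single hit"
        print(f"{process}: {verdict}")
        for name in signatures:
            print(f"    {name}")
```

The combination test matters: a browser or mail client reading its own credential file trips one rule on its own, so a single signature is a lead, not a verdict. The external IP lookup is what ties the reads together, since a stealer resolves the victim's public address to tag the exfiltrated data.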
