General

  • Target

    69061f74cdb3e055257f8b539f084cc1095a7c3ee7301522dafa5e1ca8b8fb04

  • Size

    1013KB

  • Sample

    220929-khp1taabf5

  • MD5

    917dbc2b27a9d0956cdd8539115e9e31

  • SHA1

    8f24c4cd684a538d766854e14e1a87059c371e71

  • SHA256

    69061f74cdb3e055257f8b539f084cc1095a7c3ee7301522dafa5e1ca8b8fb04

  • SHA512

    894341a781d7d6a6558950249df558b640e2d93f1f1b3aefb37da7e07ade774f440163829de14f30af527269e108c6842ad6c0f300e47583aa0f68341f52ca8b

  • SSDEEP

    12288:hG2iNMrmm1kzjzbkQrhf8zTscxqNGOMbQih1VPN3yGAcV1ObYBzn/BGkT:M1AB1pHEibQm9IcusFnZ7
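
Before relying on any of the behaviour recorded below, confirm that the file on hand is the one this report describes. The following is an added example, not code from tria.ge or from the report: it streams a file once and checks it against the report's digests. EXPECTED is copied from the General section above; SAMPLE_BYTES, the demo input, is a constructed stand-in rather than the sample, so verifying it is expected to fail on every algorithm.

```python
"""Verify a candidate file against the hashes in this report.

Added example, not tria.ge code. EXPECTED carries the digests from the report;
SAMPLE_BYTES is a constructed stand-in (not the sample), so verifying it is
expected to fail on every algorithm.
"""
import hashlib
import io

# Digests as listed in the report's General section.
EXPECTED = {
    "md5": "917dbc2b27a9d0956cdd8539115e9e31",
    "sha1": "8f24c4cd684a538d766854e14e1a87059c371e71",
    "sha256": "69061f74cdb3e055257f8b539f084cc1095a7c3ee7301522dafa5e1ca8b8fb04",
    "sha512": "894341a781d7d6a6558950249df558b640e2d93f1f1b3aefb37da7e07ade774f440163829de14f30af527269e108c6842ad6c0f300e47583aa0f68341f52ca8b",
}

# Constructed input for the demo; deliberately not the file the report describes.
SAMPLE_BYTES = b"constructed stand-in bytes, not the sample\n" * 1000


def digest_stream(fileobj, algorithms=("md5", "sha1", "sha256", "sha512"), chunk_size=1 << 20):
    """Read the stream once and feed every digest from the same chunks.

    Returns (byte_count, {algorithm: hexdigest}). Streaming keeps memory flat
    for large samples and guarantees all digests describe the same bytes.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    size = 0
    while chunk := fileobj.read(chunk_size):
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    return size, {name: h.hexdigest() for name, h in hashers.items()}


def verify(fileobj, expected=EXPECTED):
    """Compare a stream against expected digests.

    Returns (all_match, size, actual_digests, {algorithm: matched}). Every
    listed algorithm must match: a file matching MD5 but not SHA-256 is not
    the reported sample, whatever the weaker hash says.
    """
    size, actual = digest_stream(fileobj, algorithms=tuple(expected))
    report = {name: actual[name] == want.lower() for name, want in expected.items()}
    return all(report.values()), size, actual, report


def verify_bytes(data, expected=EXPECTED):
    """Convenience wrapper for in-memory data."""
    return verify(io.BytesIO(data), expected)


def demo():
    """Verify the stand-in against the report (fails), then against its own SHA-256 (passes)."""
    ok, size, actual, report = verify_bytes(SAMPLE_BYTES)
    ok_self, _, _, _ = verify_bytes(SAMPLE_BYTES, {"sha256": actual["sha256"]})
    return ok, ok_self, size, report


if __name__ == "__main__":
    ok, ok_self, size, report = demo()
    print(f"size={size} bytes, matches report: {ok}, per-algorithm: {report}, self-check: {ok_self}")
```

To check a real file, pass an open binary handle to verify(). The report's size is shown in KB, so treat it only as a sanity check and let the digests decide. SSDEEP is not in hashlib; if you need the fuzzy hash for near-match clustering, compute it with the ssdeep tool or a Python binding for it.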

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      69061f74cdb3e055257f8b539f084cc1095a7c3ee7301522dafa5e1ca8b8fb04

    • Size

      1013KB

    • MD5

      917dbc2b27a9d0956cdd8539115e9e31

    • SHA1

      8f24c4cd684a538d766854e14e1a87059c371e71

    • SHA256

      69061f74cdb3e055257f8b539f084cc1095a7c3ee7301522dafa5e1ca8b8fb04

    • SHA512

      894341a781d7d6a6558950249df558b640e2d93f1f1b3aefb37da7e07ade774f440163829de14f30af527269e108c6842ad6c0f300e47583aa0f68341f52ca8b

    • SSDEEP

      12288:hG2iNMrmm1kzjzbkQrhf8zTscxqNGOMbQih1VPN3yGAcV1ObYBzn/BGkT:M1AB1pHEibQm9IcusFnZ7

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

      Outlook keeps account and profile settings in the registry (HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles, or the older Windows Messaging Subsystem\Profiles key), where infostealers look for mail account credentials.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Setting the context of a thread in another process is the step that redirects a suspended process's entry point to injected code in process hollowing; outside debuggers, legitimate software rarely does this.
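
The signatures above read as a checklist of artefacts an infostealer touches. The following is an added example, not code from tria.ge or from this report, that turns that checklist into detection logic and runs it over a constructed Sysmon-style event log. The event tuples are constructed, not data from the sandbox run, and the paths, registry keys and lookup hosts in SIGNATURES are this example's assumptions about what each signature covers.

```python
"""Run the behaviours listed in this report as detection logic over a constructed event log.

Added example, not code from tria.ge or from the Snake Keylogger report. The
event records below are constructed Sysmon-style tuples, not data from the
sandbox run, and the paths, registry keys and hosts in SIGNATURES are this
example's assumptions about the artefacts each signature covers.
"""
import re
from collections import Counter

# One regex list per report signature, matched case-insensitively against the
# event target (file path, registry key, URL or API call). Assumed artefacts.
SIGNATURES = {
    "ftp_client_data": [
        r"\\FileZilla\\(sitemanager|recentservers|filezilla)\.xml$",
    ],
    "email_client_data": [
        r"\\Thunderbird\\Profiles\\",
        r"\\Software\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles",
        r"\\Windows Messaging Subsystem\\Profiles",
    ],
    "browser_data": [
        r"\\User Data\\[^\\]+\\Login Data$",                            # Chromium password store
        r"\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db)$",  # Firefox password store
    ],
    "external_ip_lookup": [
        r"^https?://(checkip\.dyndns\.org|api\.ipify\.org|icanhazip\.com)(/|$)",
    ],
    "thread_context_injection": [
        r"^SetThreadContext\b",
    ],
}
COMPILED = {cat: [re.compile(p, re.IGNORECASE) for p in pats]
            for cat, pats in SIGNATURES.items()}

# Constructed events: (pid, image, kind, target). Not from the sandbox run.
EVENTS = [
    (1234, "sample.exe", "file",     r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"),
    (1234, "sample.exe", "file",     r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (1234, "sample.exe", "registry", r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    (1234, "sample.exe", "file",     r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\x1y2.default\logins.json"),
    (1234, "sample.exe", "network",  "http://checkip.dyndns.org/"),
    (1234, "sample.exe", "api",      "SetThreadContext(target_pid=4321)"),
    (3003, "chrome.exe", "file",     r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (2001, "explorer.exe", "file",   r"C:\Users\victim\Documents\report.docx"),
]


def classify(target):
    """Return the set of signature categories whose patterns match target."""
    return {cat for cat, pats in COMPILED.items() if any(p.search(target) for p in pats)}


def triage(events, min_categories=2):
    """Count hits per process and flag those spanning >= min_categories categories.

    A single category is normal (Chrome reads its own Login Data; plenty of
    software asks an IP lookup service), so the rule needs breadth, not one hit.
    """
    per_proc = {}
    for pid, image, kind, target in events:
        entry = per_proc.setdefault(pid, {"image": image, "hits": Counter(), "flagged": False})
        for cat in classify(target):
            entry["hits"][cat] += 1
    for entry in per_proc.values():
        entry["flagged"] = len(entry["hits"]) >= min_categories
    return per_proc


if __name__ == "__main__":
    for pid, entry in triage(EVENTS).items():
        status = "FLAGGED" if entry["flagged"] else "ok"
        print(f"{pid:>5} {entry['image']:<14} {status:<8} {dict(entry['hits'])}")
```

The flag rule deliberately requires two categories from one process: the browser reading its own credential store and a legitimate updater asking an IP lookup service each hit one category and stay unflagged, while a single process touching FTP client configs, mail profiles, browser credentials and an IP lookup service in one run is the pattern the report's signatures describe.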

MITRE ATT&CK Enterprise v6

Tasks