Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
LCL Import International Clearance.exe
-
Size
882KB
-
Sample
221010-g92xxaagh3
-
MD5
f32c84bf0aad0fc382a2c3ae35062156
-
SHA1
5ff3e05f44bf9e4711463edd8180f79e9b92d91e
-
SHA256
040e6ed9a19b41f4ca9c009574b1215169adbbd3b138fabbced22ddad3533805
-
SHA512
92183d2e90ef01e9de85b81247ecc913c0664e98c31aeca16e91a1a1d7c550fb460d605b67daa7c302bc1abdfc85d46b1bcb6df4cd7df6e8ffa4308c3b9b4b76
-
SSDEEP
12288:u2iN2J2uXb+ZmOGl3Yl9KRk8sQxDV2iiWGt188u3qtz7toq9HRogJt:u1BWG83YlMRk8sbiSf88u30d9bJ
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
qlRYaFn8 - Email To:
[email protected]
Targets
-
-
Target
LCL Import International Clearance.exe
-
Size
882KB
-
MD5
f32c84bf0aad0fc382a2c3ae35062156
-
SHA1
5ff3e05f44bf9e4711463edd8180f79e9b92d91e
-
SHA256
040e6ed9a19b41f4ca9c009574b1215169adbbd3b138fabbced22ddad3533805
-
SHA512
92183d2e90ef01e9de85b81247ecc913c0664e98c31aeca16e91a1a1d7c550fb460d605b67daa7c302bc1abdfc85d46b1bcb6df4cd7df6e8ffa4308c3b9b4b76
-
SSDEEP
12288:u2iN2J2uXb+ZmOGl3Yl9KRk8sQxDV2iiWGt188u3qtz7toq9HRogJt:u1BWG83YlMRk8sbiSf88u30d9bJ
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-