General

  • Target

    PO_N° 303550900.rar

  • Size

    490KB

  • Sample

    221017-ycsfmsdafr

  • MD5

    7a73cfe5e13d80507f7a32ca3013bcec

  • SHA1

    10ae13f465b51d4887297d5d72ed2793449b57f0

  • SHA256

    310695600166e82a8276c76352e340cc4ced96335a81acb4c530e60e07d291ca

  • SHA512

    f7637ba220149270c9cc69f1fd2fb8e3fb24a21ec3066116148ecd3badbbf161eb928c0e88b5b67bc72d209a061054cb95630df86e48802b4797be7de95b52fb

  • SSDEEP

    12288:VBH1dwiy1b2UE8F7czcD1MF52v3VB9GNsodMu4O0E5:FdCcc3xG+Pufv5

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      PO_N° 303550900.exe

    • Size

      766KB

    • MD5

      3690f258325839e1e2321d5bc1f42716

    • SHA1

      8bb78bf22b8cafc4adcad44bd3b53f89a71d4f9b

    • SHA256

      a0b3665ecea80f1d40c7c39d97f2d79bcfad60361b0a9f429f872b8d4aa9065a

    • SHA512

      cbd0901abda0dfa884417acfc7645a99bd97b8663294710a1349e754e12b01f839ee043f7bf35346278e7557a2009994f4e2ac6341884468f8ec226480be8f70

    • SSDEEP

      12288:rEs/R4RB2cu+KJ0ewZNOFuXFhnGrAMyGFkWnkp05m9Fs2:CRuFFuXFUriekWnQ05I

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks