General

  • Target

    771fb47f72480a0a1e93dab12165e657.exe

  • Size

    836KB

  • Sample

    221019-ggvywsfddr

  • MD5

    771fb47f72480a0a1e93dab12165e657

  • SHA1

    aee13ab0f1703ec1a340c8187eb0e528f5c09ac7

  • SHA256

    020023df02a173b4f891fa2f6c2f7a5d4145faf4c5c94eadbc346d5bbb593568

  • SHA512

    fbba7ea422a6fd0ec2c369e9946bef136aee77e18d630084101ce22e861449a6bacedcc177b99c4c84326a8e20f2c53df59cd0d6c47735a73b10d5823275db01

  • SSDEEP

    12288:B7Kr7YP0da95eFAKBuoZmPIF43v+4Z0lR/y7Poco:cYMdaiqGmPIFW3Z0lR/Oo

Malware Config

Extracted

  • Family

    snakekeylogger

  • Credentials

  • C2

    https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
