General

  • Target

    Withdrawal Authorization Letter.exe

  • Size

    882KB

  • Sample

    221019-gw3x2sehc2

  • MD5

    ab51fcab2443142fb70bb50872407815

  • SHA1

    c50331ac38b78963d45230c57927c18be34638e9

  • SHA256

    1f9a0cce25f1860e53b471745a001b8d868ce4d96c3d5365c6c3d39c8b7ceb04

  • SHA512

    2d7f8c53add06e86528d12899565ee0c848f20903c9092b2bff1e3a4c842343fd82c66801d43e90bf0e111b9465bd59bffe5f8619daf989631954f92b3c64756

  • SSDEEP

    12288:i6WTGfEuEKW/CyXfwA/7k35yVHLnVheEEcIc/aZLBNcKii/ARh:eZKwCkfL/AGqHlciugg

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    mariel.lalu@jeteix.com
  • Password:
    qlRYaFn8
  • Email To:
    mariel.lalu@jeteix.com

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
