General

  • Target

    tmp

  • Size

    1.1MB

  • Sample

    221104-1zhk3abec8

  • MD5

    178ff2e386dee063633a246556caf621

  • SHA1

    b6f7afc2f136c5a56a698814d5d500b6bdddf7b0

  • SHA256

    1e4d15ccd3ee787324ccd48246f980a8e37495b82e962a27e9d634b14e6660bc

  • SHA512

    8fbcf503ed94062ca294df0b16a401d3649b8f7d912a02c2e70d349e451ebfd69216b63257a2d76d0ffb2dba45021101f85580834314d7d0998c89e8513d46b0

  • SSDEEP

    24576:XW8DET+VwfHGXG31BX8+BvFr8TAqbDORBY:BbVwfpFBX8+BvFoDaY

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks