General

  • Target

    KvlzN7SaEJQgetq.exe

  • Size

    840KB

  • Sample

    221206-s535ysbc47

  • MD5

    bfd1be3c1b51983177c7ec0769816da1

  • SHA1

    10d8ccd2ab82a7c98494b25667b66628fc4487d2

  • SHA256

    a877d4ad09c9afc5bb5880913fd98fcf6989f390685bbd50b7f6acca864d0f44

  • SHA512

    b91ddbbc428d2ee9e9607b5b5d7f8303dc4dbaa6f086da3df76bc85a8ef34f534423fa6e95aa70fbc6e5c023c84a4388e28f8123e6a71e3a99260b663304b15a

  • SSDEEP

    12288:pyvlqU+EegGqZN+2eM2gvX88uT3zVgVn7r95f0bRHwAxxGBH5Ddzoa1cfN:IvdeRqbPeS/83zCV7hN0FxABH5DdEPf

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5527276937:AAFXPayV6BQ7JPPGsD5rUkKZ4cn3m-d_W-0/sendMessage?chat_id=5582419717

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks