
General

  • Target

    abc.rar

  • Size

    8KB

  • Sample

    230206-ln8wjsge6t

  • MD5

    1b339e457b7ca302836a2def8a6ced97

  • SHA1

    9bd0900582445b950c3bb43cdcd30023cbfbc1f1

  • SHA256

    536ef2de17913ef296a7c856530b09fcfa8d06821e4367528a67c192e6faa934

  • SHA512

    71e198c25a5f02543c4fe5c801a6358ed618b31edbf908b8da92d0a5881a374b2b57d7f077b814091b526994b3ceea75d2ecb9e620b69e861a63bee76ad10a3e

  • SSDEEP

    192:84HQ0cGcXS/4V7kr0IavOfpIHidcFXYQBKOiYH/cod:8EQXi/4V7qF2CcY6Hcq

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6153811580:AAFDLNZoT-HelPNUs1JOyE22nWD-iLH7QKY/sendMessage?chat_id=5582419717
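
The extracted C2 is not a custom server but the Telegram Bot API: the path segment after `/bot` is the operator's bot token (numeric bot id, a colon, then the secret) and `chat_id` is the destination the stolen data is posted to, so both are usable indicators. As an added example (not part of the tria.ge report and not the sample's own code), the following Python splits that URL into its parts and runs the same check over a few constructed proxy-log lines. The log layout, the token regex (written from the public Bot API documentation) and the set of exfiltration methods are assumptions of the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# C2 URL exactly as extracted in the report's Malware Config section.
C2_URL = ("https://api.telegram.org/bot6153811580:AAFDLNZoT-HelPNUs1JOyE22nWD-iLH7QKY"
          "/sendMessage?chat_id=5582419717")

# Telegram Bot API requests look like https://api.telegram.org/bot<token>/<method>,
# where <token> is "<numeric bot id>:<secret>".  Pattern written from the public
# Bot API documentation; it is an assumption of this example, not something the
# report states.
_BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{20,})/(?P<method>[A-Za-z]+)$"
)

# Methods that move data out of the victim (assumed set).  A getUpdates call
# would instead indicate the implant polling the bot for operator commands.
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into bot id, full token, method and chat_id.

    Returns None for anything that is not an https request to api.telegram.org
    with a /bot<token>/<method> path.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "api.telegram.org":
        return None
    m = _BOT_PATH.match(parts.path)
    if not m:
        return None
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {
        "bot_id": m.group("bot_id"),
        "token": f"{m.group('bot_id')}:{m.group('secret')}",
        "method": m.group("method"),
        "chat_id": chat_id,
    }


def find_telegram_exfil(log_text, known_tokens=()):
    """Flag log lines whose URL is a Telegram bot exfiltration call.

    Each line is "<unix ts> <client ip> <http verb> <url>"; this layout is
    constructed for the example and is not any product's real format.
    """
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        ts, client, _verb, url = fields[:4]
        info = parse_telegram_c2(url)
        if info is None or info["method"] not in EXFIL_METHODS:
            continue
        hits.append({
            "ts": ts,
            "client": client,
            "bot_id": info["bot_id"],
            "chat_id": info["chat_id"],
            "method": info["method"],
            # An exact token match ties the traffic to this sample's operator,
            # not merely to Telegram bot usage in general.
            "known_token": info["token"] in known_tokens,
        })
    return hits


# Constructed sample log: a bare CONNECT (all a proxy sees without TLS
# inspection), one exfil call matching the report's C2, one unrelated request.
SAMPLE_LOG = """\
1675700001 10.0.0.15 CONNECT api.telegram.org:443
1675700002 10.0.0.15 POST https://api.telegram.org/bot6153811580:AAFDLNZoT-HelPNUs1JOyE22nWD-iLH7QKY/sendMessage?chat_id=5582419717
1675700003 10.0.0.22 GET https://www.example.com/index.html
"""

if __name__ == "__main__":
    c2 = parse_telegram_c2(C2_URL)
    print(f"bot id {c2['bot_id']} -> chat_id {c2['chat_id']} via {c2['method']}")
    for hit in find_telegram_exfil(SAMPLE_LOG, known_tokens={c2["token"]}):
        print(f"{hit['ts']} {hit['client']} bot {hit['bot_id']} "
              f"chat {hit['chat_id']} known_token={hit['known_token']}")
```

Two practical caveats the first log line is there to show: without TLS inspection a proxy only sees the CONNECT to api.telegram.org, so the `/bot<token>/` path (and with it the token and chat_id) is invisible and the only network-level choice is whether to allow the host at all; and blocking api.telegram.org outright also breaks legitimate Telegram bot integrations, which is why keying on the specific token from the config is the more precise indicator where the path is available.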

Targets

    • Target

      Tvccjkahqr.exe

    • Size

      17KB

    • MD5

      0e83d9def9f0d8b855725f0e0136201c

    • SHA1

      2846547d5f34abc3084192dbc6976484fae3c0a6

    • SHA256

      cf635b3f6775fdf343dee0e703f1ebc24a740d4b1c76ad11e4118bcc1e636882

    • SHA512

      cf274517ae75612af9bbcf08c69ecb98248098664559718f4bd76acd7d55945126d7b30a814c91ba239a88edc23fae34594ef479c9cc68361ca132a3f9aa98e6

    • SSDEEP

      384:MFqF+L4TURdJJsjYa4uz+0mYKC9fn9/Awh:0RdJJsjiM+dCJ9oS

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence so the payload only runs in (or avoids) certain countries.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

      Registry Run-key persistence: the binary is relaunched at each user logon.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Redirecting another thread's execution context is the classic final step of process hollowing, where a suspended process is overwritten with the payload and its main thread pointed at the injected code.
