General

  • Target

    Payment Advice.exe

  • Size

    867KB

  • Sample

    230215-qv874sbf7y

  • MD5

    7385b9a6b159a04d4a4d29c469abca7d

  • SHA1

    ab591b6d039f81648057ceffde88a1a07eaab82e

  • SHA256

    3b33ec65f67fa0d16d24cecc78ed7fb7922ca1b952648846cc87c4b5b7682eaf

  • SHA512

    b1ab958da83a2d3862661126c106e4430ecc42c4e932d7e7a22a83730b016ce50f1109ff379ec41e69cafac9fc9a7649b3759cd4e7f0f639d146e0862a5d4f2f

  • SSDEEP

    24576:jpD8iV2K1ntJQSY12+Vu2KcIl7OD3stPHM:d8UThtZC/w2JKyD8Z

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6262247910:AAE4jpGXApuGyNo9i5Gac5UwUxrCbw4HXyY/sendMessage?chat_id=5962295104

Targets

    • Target

      Payment Advice.exe

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, and infostealers often target that data.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
