Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    in.exe

  • Size

    300KB

  • Sample

    230215-qxd5rabh75

  • MD5

    3c8d3d6f0286b15b3dd0ad59a150b3ef

  • SHA1

    4b655dfc7033727b6aaf72a84592c9d615002708

  • SHA256

    dec5bbf9420596e7e4b387c6331b6009817af7803e20f717ffb55dc313e60645

  • SHA512

    a1846ddad31b8654d4174958e8246215fd301efe2b0d1b79bd376445315fd40e0fd109b12babd00d0ef97947ae7b66ed5971be7d5b0723559d9e9c4c6cb59d11

  • SSDEEP

    6144:YYa6+Dmz7Luk+9PG0DB4wM/gNA1QUOwMzkZIk/D7Hr0oVytG:YYYW76k6PzF4w3GJ7BFHTy8

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5409930542:AAFxwqGbFuHLkEcoI_Wd5LmyaZ64bak9as0/sendMessage?chat_id=5492983899

Targets

    • Target

      in.exe

    • Size

      300KB

    • MD5

      3c8d3d6f0286b15b3dd0ad59a150b3ef

    • SHA1

      4b655dfc7033727b6aaf72a84592c9d615002708

    • SHA256

      dec5bbf9420596e7e4b387c6331b6009817af7803e20f717ffb55dc313e60645

    • SHA512

      a1846ddad31b8654d4174958e8246215fd301efe2b0d1b79bd376445315fd40e0fd109b12babd00d0ef97947ae7b66ed5971be7d5b0723559d9e9c4c6cb59d11

    • SSDEEP

      6144:YYa6+Dmz7Luk+9PG0DB4wM/gNA1QUOwMzkZIk/D7Hr0oVytG:YYYW76k6PzF4w3GJ7BFHTy8

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks