General

  • Target: PO-500741.exe
  • Size: 990KB
  • Sample: 230315-spq6fsdh44
  • MD5: d2b6495aaed7ba9e21661e9246cc9382
  • SHA1: 5195b6fad939a73aa3bf5169a57104e773ffe743
  • SHA256: 320e2a1e5cd7741bcec4c8f6d37527ea1905844247b1419e201104d8dd6e0fc5
  • SHA512: 72b00dc16631e12213e86e046911155d55823b8f27207d77adfdc6a5f2bc8ab216eeeb319a083bfc6ef3d6c9289b368eade69257b9cd59cedaa5a7ba76d8966e
  • SSDEEP: 12288:/CnbIYazKJ2Ltj4YpY6EY8osxJ9mgDP5xugrFWRkgf45lFZJ6gcmK8JGRTw:/CHizL54gY6EKiXx/FTjFZsd+JT

Malware Config

Extracted

  • Family: snakekeylogger
  • C2: https://api.telegram.org/bot5310184099:AAGxqu0IL8tjOF6Eq6x2u0gfcHhvuxRwfLU/sendMessage?chat_id=5350445922

Targets

    • Target: PO-500741.exe

    • Snake Keylogger: keylogger and infostealer first seen in November 2020.
    • Snake Keylogger payload
    • Reads data files stored by FTP clients: tries to access configuration files associated with programs such as FileZilla.
    • Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
    • Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and other sensitive data.
    • Accesses Microsoft Outlook profiles
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks