
General

  • Target

    PO-VHR-S235029B.exe

  • Size

    881KB

  • Sample

    230418-nnvp2ach2y

  • MD5

    97bf3e9ac8d864df3fe745391b1d7b5c

  • SHA1

    19f6b1148326286635c38a74e0a0f9b222632ade

  • SHA256

    741caf63351d781a3c4c7b613947695c76bb5ebe864d53eb93acd9548a82038c

  • SHA512

    f27be725cb11bbc51110fb4f7e8843c011394baf08f267231d2d176033e651e77bdd37d197a14126b11043e9a94023c29c828ea9e811bb48c1401a13a653bd9a

  • SSDEEP

    12288:HW16FiPUY4eVPd0JTJxbh8FIGQSlxZc+b0/SOp3LzKBFxtXkUB1Z4J:24FEUYV6Xbg/bZcrl3vKBFksQ

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5818680343:AAGVJsfIHcopySiifMCdAaFCv-ICp2_Yo_M/sendMessage?chat_id=5765702254
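
The extracted C2 is a Telegram Bot API call: the path carries the bot token (numeric bot id, a colon, then the secret) and the query string names the destination chat_id, so a single URL gives the defender both a blockable IOC and the identity of the receiving bot. The Python below is an added example, not Triage's tooling or part of this report: it parses such a URL into its components and scans proxy log lines for any Bot API call. Only the C2 URL comes from the report; the log lines and their field layout are constructed for the example.

```python
"""Parse a Telegram Bot API C2 URL and hunt for Bot API calls in proxy logs.

Added example, not Triage's tooling. Only C2_URL comes from the report; the
proxy log lines and their layout are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# C2 extracted from the sample's configuration (from the report above).
C2_URL = ("https://api.telegram.org/bot5818680343:AAGVJsfIHcopySiifMCdAaFCv-ICp2_Yo_M"
          "/sendMessage?chat_id=5765702254")

# Bot API paths look like /bot<numeric id>:<secret>/<method>. The secret is a
# 35-character token in practice; 30+ keeps the match tolerant.
_BOT_PATH = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)$")


@dataclass(frozen=True)
class TelegramC2:
    bot_id: str             # identifies the operator's bot; survives token rotation
    secret: str             # token secret; handle as sensitive material
    method: str             # e.g. sendMessage, sendDocument
    chat_id: Optional[str]  # destination chat from the query string, if present


def parse_telegram_c2(url: str) -> Optional[TelegramC2]:
    """Return the components of a Telegram Bot API URL, or None for anything else."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname != "api.telegram.org":
        return None
    match = _BOT_PATH.match(parts.path)
    if match is None:
        return None
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return TelegramC2(match["bot_id"], match["secret"], match["method"], chat_id)


# Constructed proxy log (not from the report): "<utc ts> <client ip> <verb> <url> <status>".
SAMPLE_PROXY_LOG = "\n".join([
    "2023-04-18T10:01:02Z 10.0.0.21 GET https://www.msftconnecttest.com/connecttest.txt 200",
    "2023-04-18T10:01:09Z 10.0.0.21 GET http://checkip.dyndns.org/ 200",
    "2023-04-18T10:01:11Z 10.0.0.21 POST " + C2_URL + " 200",
    # File download path, not a Bot API method call: must not be reported.
    "2023-04-18T10:05:44Z 10.0.0.33 GET https://api.telegram.org/file/bot111:abc/doc.txt 404",
])


def scan_proxy_log(log_text: str) -> List[Tuple[str, str, TelegramC2]]:
    """Return (timestamp, client ip, parsed C2) for every Bot API call in the log."""
    hits: List[Tuple[str, str, TelegramC2]] = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        parsed = parse_telegram_c2(fields[3])
        if parsed is not None:
            hits.append((fields[0], fields[1], parsed))
    return hits


if __name__ == "__main__":
    print(parse_telegram_c2(C2_URL))
    for ts, src, c2 in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{ts} {src} -> bot {c2.bot_id} {c2.method} chat_id={c2.chat_id}")
```

The bot id is the more durable indicator: the operator can regenerate the token secret at any time, but the numeric id stays with the bot. Legitimate Telegram bots do exist in many environments, so treat a hit as a lead to correlate with the originating process rather than a verdict on its own.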

Targets

    • Target

      PO-VHR-S235029B.exe

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Setting another thread's context is a common step in process hollowing and other injection techniques, used to point execution at an injected payload.
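
Taken together, the file and registry reads listed above are the credential-store sweep typical of an infostealer: one process touching FTP client, browser and email client data within a few seconds. The Python below is an added example, not part of the report or of Triage's signatures: it groups file and registry access events by PID against a representative set of store paths and flags any process touching two or more categories, so that a browser reading its own password store is not flagged. The event format is an assumption, the events are constructed, and the path list is an illustrative subset rather than a complete inventory.

```python
"""Group credential-store reads per process and flag infostealer-like sweeps.

Added example, not part of the report or of Triage's signatures. The store
paths are a representative subset chosen for illustration, and the access
events are constructed to mirror the behaviour listed above.
"""
import fnmatch
from typing import Dict, List, Optional, Set

# Category -> glob patterns, matched case-insensitively. Illustrative, not exhaustive.
CREDENTIAL_STORES: Dict[str, List[str]] = {
    "ftp_client": [
        r"*\AppData\Roaming\FileZilla\sitemanager.xml",
        r"*\AppData\Roaming\FileZilla\recentservers.xml",
    ],
    "browser": [
        r"*\AppData\Local\Google\Chrome\User Data\*\Login Data",
        r"*\AppData\Roaming\Mozilla\Firefox\Profiles\*\logins.json",
    ],
    "email_client": [
        r"*\AppData\Roaming\Thunderbird\profiles.ini",
        r"*\AppData\Roaming\Thunderbird\Profiles\*\logins.json",
    ],
    "outlook_profile": [
        r"HKCU\Software\Microsoft\Office\*\Outlook\Profiles\*",
        r"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\*",
    ],
}


def classify(target: str) -> Optional[str]:
    """Return the store category a file or registry path belongs to, or None."""
    lowered = target.lower()
    for category, patterns in CREDENTIAL_STORES.items():
        # fnmatch treats backslash literally, so Windows paths need no escaping.
        if any(fnmatch.fnmatchcase(lowered, p.lower()) for p in patterns):
            return category
    return None


# Constructed access events (not from the report), tab-separated:
# <time>\t<pid>\t<image>\t<operation>\t<target>
_MALWARE = r"C:\Users\victim\AppData\Local\Temp\PO-VHR-S235029B.exe"
_CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = "\n".join([
    "\t".join(["10:01:05", "4412", _MALWARE, "FileRead", r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"]),
    "\t".join(["10:01:05", "4412", _MALWARE, "FileRead", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"]),
    "\t".join(["10:01:06", "4412", _MALWARE, "RegQueryValue", r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002"]),
    "\t".join(["10:01:07", "4412", _MALWARE, "FileRead", r"C:\Users\victim\AppData\Roaming\Thunderbird\profiles.ini"]),
    "\t".join(["10:01:08", "4412", _MALWARE, "FileRead", r"C:\Users\victim\Documents\invoice.pdf"]),
    # Chrome reading its own password store is a single category: expected, not flagged.
    "\t".join(["10:02:00", "1180", _CHROME, "FileRead", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"]),
])


class ProcessAccess:
    """Credential-store accesses attributed to one process."""

    def __init__(self, image: str) -> None:
        self.image = image
        self.categories: Set[str] = set()
        self.targets: List[str] = []


def find_suspicious(events: str, min_categories: int = 2) -> Dict[int, ProcessAccess]:
    """Return processes whose credential-store reads span at least min_categories."""
    per_pid: Dict[int, ProcessAccess] = {}
    for line in events.splitlines():
        _time, pid, image, _op, target = line.split("\t")
        category = classify(target)
        if category is None:
            continue
        entry = per_pid.setdefault(int(pid), ProcessAccess(image))
        entry.categories.add(category)
        entry.targets.append(target)
    return {pid: e for pid, e in per_pid.items() if len(e.categories) >= min_categories}


if __name__ == "__main__":
    for pid, access in find_suspicious(SAMPLE_EVENTS).items():
        print(f"pid {pid} {access.image}: {sorted(access.categories)}")
```

The category threshold is what separates the stealer from the legitimate owners of each store: a browser, mail client or FTP client reads its own data routinely, but no ordinary program reads all of them. Real telemetry (Sysmon file and registry events, EDR file-read events) needs only the field mapping changed.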
