General

  • Target

    arinzezx.exe

  • Size

    550KB

  • Sample

    230420-dp961afb95

  • MD5

    fd876cea9afb2f7587a2bde3fc700337

  • SHA1

    1488bf5d3da8ce3e99c6dd16109be50363772338

  • SHA256

    e69303be21ced377b4f638164ae2df1b2673f6435ade76316779a0d0b97ac0e4

  • SHA512

    4eb0afbbb7da081123b1d75339054b1a4180056761042a33721c3ffb3caa3ab527c3854a022b514bf336d62456dc03d397e8df2e74c03f64c0a325e9d5e93ddf

  • SSDEEP

    12288:bOnbqjcHp2kZZdIvpncilmUzgHq5FU5Fwet1sZJ:bJ6Yk2x5HzgHeFazE

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      arinzezx.exe

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
