Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Confirmación de recibo de transferencia.exe

  • Size

    621KB

  • Sample

    230424-rneklacc83

  • MD5

    34aad4cf4e2eaff477944be25df41837

  • SHA1

    ed808f2f8b9634e8a513401122ad8b03152742b5

  • SHA256

    6fa45e57a0c10b280baeef2d8a446499a2fd29f5745535cb8f7e0c0d51852009

  • SHA512

    136f30226265ad4e1d73cf67c10ba9f035409222cb64fa06d68d71d2fdd9e362128902fdbbbfe01510004e29e37ab1819ca61f7777f0946a6cd9df8dfc71c0c5

  • SSDEEP

    12288:buFqUvdP5Kq/XpKQKr2fjJswmvTPVj9Y/:bpUvKq/pKx2fjmwETt9

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.condominioaocubo.pt
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Qualidade.c3.2018

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      Confirmación de recibo de transferencia.exe

    • Size

      621KB

    • MD5

      34aad4cf4e2eaff477944be25df41837

    • SHA1

      ed808f2f8b9634e8a513401122ad8b03152742b5

    • SHA256

      6fa45e57a0c10b280baeef2d8a446499a2fd29f5745535cb8f7e0c0d51852009

    • SHA512

      136f30226265ad4e1d73cf67c10ba9f035409222cb64fa06d68d71d2fdd9e362128902fdbbbfe01510004e29e37ab1819ca61f7777f0946a6cd9df8dfc71c0c5

    • SSDEEP

      12288:buFqUvdP5Kq/XpKQKr2fjJswmvTPVj9Y/:bpUvKq/pKx2fjmwETt9

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks