General

  • Target

    5ae16d5f8eae9b63068ad5a08a311179.exe

  • Size

    637KB

  • Sample

    230424-rnewcscc85

  • MD5

    5ae16d5f8eae9b63068ad5a08a311179

  • SHA1

    4189bf7a6fe8473395ee5814ca19a5aa70a20158

  • SHA256

    cc138ced1fbc3fd146c76a8ab520bc6e436b84a4cd26542e8d75ae57c435511d

  • SHA512

    774ecae4f72e9535c2bea549aa73c3a3872a772aff01924f52d1f7975a5f3039d75506b8c7956599eb028e2e10096e8b0a47c6232d355f3872a5c5215e4ac296

  • SSDEEP

    12288:opGBO5ZZC/W2n9wl/mbORAuDSRB6okvdT1lPQiowic/7:mGqTC/fW/tRAu+RJk1RlPPse

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6102267622:AAFFZ_GvUj4OisNxsdlwZ5OHZVEfanDQBf0/sendMessage?chat_id=6107719374
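
The C2 above is a Telegram Bot API endpoint: the bot ID and secret token sit in the URL path and the destination chat in the query string, so the same fields can be hunted for in any log that records full URLs. The following is an added example, not part of the tria.ge report or of any Snake Keylogger tooling. It parses Bot API URLs, extracts bot ID, token, method and chat_id, and scans constructed proxy log lines (format and addresses assumed; the log is not from this report) for Telegram exfiltration, flagging lines whose bot credentials match the C2 extracted from this sample.

```python
import re
from urllib.parse import parse_qs, urlsplit

# C2 taken verbatim from the "Malware Config" section of this report.
KNOWN_C2 = (
    "https://api.telegram.org/bot6102267622:AAFFZ_GvUj4OisNxsdlwZ5OHZVEfanDQBf0"
    "/sendMessage?chat_id=6107719374"
)

# Telegram Bot API path layout: /bot<bot_id>:<token>/<method>
BOT_PATH_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<token>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$"
)


def parse_telegram_bot_url(url):
    """Return bot_id/token/method/chat_id for a Bot API URL, or None otherwise.

    The host check is exact: a look-alike host carrying a /bot.../ path
    (see the last constructed log line) is not treated as Telegram.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname != "api.telegram.org":
        return None
    match = BOT_PATH_RE.match(parts.path)
    if not match:
        return None
    info = match.groupdict()
    info["chat_id"] = parse_qs(parts.query).get("chat_id", [None])[0]
    return info


# Constructed proxy log (assumed format: "<ts> <src_ip> <http_method> <url> <status>").
# Line 2 reuses the C2 from this report; lines 3 and 4 are made up for contrast.
SAMPLE_PROXY_LOG = """\
2023-04-24T14:12:03Z 10.0.5.21 GET https://www.microsoft.com/en-us/ 200
2023-04-24T14:12:09Z 10.0.5.21 GET https://api.telegram.org/bot6102267622:AAFFZ_GvUj4OisNxsdlwZ5OHZVEfanDQBf0/sendMessage?chat_id=6107719374 200
2023-04-24T14:13:41Z 10.0.5.37 POST https://api.telegram.org/bot1234567890:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/sendDocument?chat_id=111222333 200
2023-04-24T14:14:02Z 10.0.5.44 GET https://example.com/bot6102267622:notreal/sendMessage 404
"""


def hunt_telegram_exfil(log_text, known_c2=KNOWN_C2):
    """Scan log lines for Telegram Bot API traffic.

    Every Bot API hit is returned (any bot-driven upload from a workstation is
    worth a look); hits whose bot_id and token equal the known C2 are marked
    known_c2=True so they can be triaged first.
    """
    known = parse_telegram_bot_url(known_c2)
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        ts, src, _http_method, url = fields[:4]
        info = parse_telegram_bot_url(url)
        if info is None:
            continue
        info["ts"] = ts
        info["src"] = src
        info["known_c2"] = (
            info["bot_id"] == known["bot_id"] and info["token"] == known["token"]
        )
        hits.append(info)
    return hits


if __name__ == "__main__":
    for hit in hunt_telegram_exfil(SAMPLE_PROXY_LOG):
        flag = "KNOWN C2" if hit["known_c2"] else "other bot"
        print(f"{hit['ts']} {hit['src']} -> bot {hit['bot_id']} "
              f"{hit['method']} chat_id={hit['chat_id']} [{flag}]")
```

Two practical caveats. First, a proxy only logs the full path if it terminates TLS; without interception you get at most the DNS name or SNI `api.telegram.org`, which is still a useful hunt on hosts that have no business talking to Telegram, just without the bot ID to pivot on. Second, matching on bot ID and token rather than on the host alone keeps legitimate bot integrations in the environment from being flagged as this sample's C2, while still surfacing them as other bots for review.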

Targets

    • Target

      5ae16d5f8eae9b63068ad5a08a311179.exe

    • Size

      637KB

    • MD5

      5ae16d5f8eae9b63068ad5a08a311179

    • SHA1

      4189bf7a6fe8473395ee5814ca19a5aa70a20158

    • SHA256

      cc138ced1fbc3fd146c76a8ab520bc6e436b84a4cd26542e8d75ae57c435511d

    • SHA512

      774ecae4f72e9535c2bea549aa73c3a3872a772aff01924f52d1f7975a5f3039d75506b8c7956599eb028e2e10096e8b0a47c6232d355f3872a5c5215e4ac296

    • SSDEEP

      12288:opGBO5ZZC/W2n9wl/mbORAuDSRB6okvdT1lPQiowic/7:mGqTC/fW/tRAu+RJk1RlPPse

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks