General

  • Target

    PO TYER6555556.exe

  • Size

    662KB

  • Sample

    230425-sx7heabb24

  • MD5

    515fcae923fcf7925bc1762c71f6e384

  • SHA1

    4a73794f447193d371b6d188c209e58c1fdb6309

  • SHA256

    414ba539e3dbcea3e5d9618e66b71524bb66e7b4574caff6d4da5f061734bc3a

  • SHA512

    6ef3aef00f34cc01b856634940a74bc0c73d8d2f0de73cf00a69f857842a3c167c7149389df994d33a980197fbb0d561056faefae6a7ba6f4b8635cc21adeb41

  • SSDEEP

    12288:9bSJgvmn1ik/BN6v630WD0aky/vby9OYkC7Irzo5e2vSpRAt3l:9bSJgvmn1ikCv63XyyXZxC74z6edi3l

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5818680343:AAGVJsfIHcopySiifMCdAaFCv-ICp2_Yo_M/sendMessage?chat_id=5765702254

Targets

    • Target

      PO TYER6555556.exe

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks