General

  • Target

    e48e8bd7c034de883faae60da15ddc3f.exe

  • Size

    653KB

  • Sample

    230511-w53e7sbd4y

  • MD5

    e48e8bd7c034de883faae60da15ddc3f

  • SHA1

    ac79da066a83feaba8a70a1f0f6456fe8e39ecc2

  • SHA256

    8e406bd2fa24428c369151006c1d3b563675ddac328964b30a6429f64f17077d

  • SHA512

    6a2c9b84e6c21657075ec854776deee7112689ece4d4cd2c0d2f5566b6802eb900dcd4edeb868112ca7654518dd9ee71e4a9ba4cff2eb848dd0aef8a995ef335

  • SSDEEP

    12288:AhmPsUOWatCsPAzRa5DFIsfhknQ3O3Fa0L/as+26q2:ImPxfQCZUlFIpnQkoJs+26

Malware Config

Extracted

Credentials

  • Protocol: smtp
  • Host: cp5ua.hyperhost.ua
  • Port: 587
  • Username: [email protected]
  • Password: 7213575aceACE@#$

Extracted

Family

snakekeylogger

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks