Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    tmp

  • Size

    887KB

  • Sample

    230517-h3slbsea96

  • MD5

    c19b70381457c1bf947f4befc79dc507

  • SHA1

    c290b39b8078e473c6d7eefa8aac2f7a1b7b5376

  • SHA256

    e3605326017c58a3ef50367f4821255161997f87c615c126c981526127392d3e

  • SHA512

    3189ff8c02332ba9f6b85efe12ccf6cce2125b57e8a7cdfe915a892afb344b7e4e0ee91d2fb695083419416bbc4ee7ce48cbcc4f485489fef4a5668804e2f5f1

  • SSDEEP

    12288:6LYK0aO+4fzKM/JNDFmHGoxuBslG0VKhxabmj09JgkbzZnKkAtvxiLATAGn3WtNv:6LYha+zKM/JNB6xpYnzaSjSnKk0

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5915450521:AAHBL9CEnsFid-IQ0sl0oVZia7TI3t-wPPY/sendMessage?chat_id=5061956073

Targets

    • Target

      tmp

    • Size

      887KB

    • MD5

      c19b70381457c1bf947f4befc79dc507

    • SHA1

      c290b39b8078e473c6d7eefa8aac2f7a1b7b5376

    • SHA256

      e3605326017c58a3ef50367f4821255161997f87c615c126c981526127392d3e

    • SHA512

      3189ff8c02332ba9f6b85efe12ccf6cce2125b57e8a7cdfe915a892afb344b7e4e0ee91d2fb695083419416bbc4ee7ce48cbcc4f485489fef4a5668804e2f5f1

    • SSDEEP

      12288:6LYK0aO+4fzKM/JNDFmHGoxuBslG0VKhxabmj09JgkbzZnKkAtvxiLATAGn3WtNv:6LYha+zKM/JNB6xpYnzaSjSnKk0

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks