General

  • Target

    M7R81255.exe

  • Size

    648KB

  • Sample

    230525-jh4njahb7z

  • MD5

    322515f9ba9bd3518dec81faffd472eb

  • SHA1

    45ac88817480d186a3b281058ad1a9f3e4176e11

  • SHA256

    06045cf83f2510a653e35d63d4e77dcc1d2265050be035ef7ea00fc2b855da2f

  • SHA512

    a62ef86a7449c6f9c6d2dd024c851e0cd94e9be32b36e664dd2407030af13ca19e92ff9f99b07c194f3dc0e9f9e5223e2997141619aa418913e1d161d5f7315c

  • SSDEEP

    12288:caWIm6lVvtzZBEP85djvZq92yjpN8YuMpH9zr7ELN9rXRg1LHNVQ:xTmIt9BEP8LRq92yN/H/zrurru

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6011587164:AAE511fkFXh2HFxNMsjh7DJ7AykzyWIVuaY/sendMessage?chat_id=6197263581

Targets

    • Target

      M7R81255.exe

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
