General

  • Target

    28950d733a57f8b60d6c82be7.bin

  • Size

    526KB

  • Sample

    230630-nt7xjshb56

  • MD5

    6745272f451949366527a8a3a402043c

  • SHA1

    61867ab03cb34c57cba027a4f84467e40436717b

  • SHA256

    1d8f29874ddf3692e2dfd5953b53e503b64659e6156e1866d9779d37dd2c67aa

  • SHA512

    3386c007e769fb77c6122ca006d009031575bd4e9f30b2ef78336176dfafd6d39a92edb6f33ed04edc5128aaf41b6ac3aa0ebcd61bb284d6cbb2a63a9347250e

  • SSDEEP

    12288:4/C9UAtr2Eef0GjE7mpn9BK1djHFtDjK1Kvwwfl:4qRyEViE7mpnvKnhBjtw2

Malware Config

Extracted

  • Family

    snakekeylogger

  • C2

    https://api.telegram.org/bot5884813542:AAE_NTHYHJxIqnVXOM0mUNE1h-A-ytq9y8I/sendMessage?chat_id=5334267822

Targets

    • Target

      cae1354a45569f45b407e95f00ba53ada314874b706f903f91960464c7f5ecea.exe

    • Size

      632KB

    • MD5

      28950d733a57f8b60d6c82be7c105d5d

    • SHA1

      97215f12304287305f5d72bcc1cff6ea67a5388c

    • SHA256

      cae1354a45569f45b407e95f00ba53ada314874b706f903f91960464c7f5ecea

    • SHA512

      106b1283ff5352915751b5a9168102748d2f1a1eb50253a1680fbaadefc1d01a8b2d9e66281689d4e9a50459ad2bc705c4f9c95f7bd71e2387a5cc822288d6c7

    • SSDEEP

      12288:gCXWldJ25/+cNSXq/LpXt3tmiDWkEuZlZ:g25/+cNSXqjpXt9a/ufZ

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6