General

  • Target

    51fa78a1b3137cde2cad099e3825f321.zip

  • Size

    472KB

  • Sample

    230703-jmvw7agf8z

  • MD5

    dd0310de14e18a484a7ef9f2d31a68b5

  • SHA1

    3f2be640ebc240330bb29374308ec5d2054f486f

  • SHA256

    3fa1ecd98e2813f766547077464a004fd1aed554850f539eda2747fce43f63dd

  • SHA512

    3206ad59a9bf287f34ee0825aa35774d47b673a411b9dbe2b6f25bb620608e271a0ca2ce177731fccaf8b8c92eff222b147c75b8f375c637dc49c83692b6d46e

  • SSDEEP

    12288:ECx0GdGCXScm9KDTeJfcIC9o3d31YzBY3Sn6xu1BH7sYxxfqp:pxHGpieZvC9o3tkBqSnJ1i3p

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol

    ftp

  • Host

    ftp://peruglobo.com/

  • Port

    21

  • Username

    [email protected]

  • Password

    YSw&oCV&c23w

Targets

    • Target

      Fizetési másolatCT06292023.exe

    • Size

      630KB

    • MD5

      51fa78a1b3137cde2cad099e3825f321

    • SHA1

      c7bbbef38683de5eb911915524ead1eb6c8b3b90

    • SHA256

      3dedd91d5d734fdea8fa04714e99b1fdcac4c06626ad2e10aa825e71fc18c3c3

    • SHA512

      2c236bd2910a601b4e2cfb659c09e96eafa526a640b7e15705fafda227e89f49e6f8a6be477a5e1b63264651675fe11bc12226a3d7d11b8f7e5b5229a33e0eac

    • SSDEEP

      12288:M9Xnc5JdxDe91WvvwZin4A6RRFbrEr7GQvDN81:HxDKwjMRC/Lp81

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, and infostealers often target it there.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks