General

  • Target: 3410529d02cdc6ee212c44cdae46c2c0.exe
  • Size: 127KB
  • Sample: 230803-s5w2msdh97
  • MD5: 3410529d02cdc6ee212c44cdae46c2c0
  • SHA1: 7061a945f2786bf28191f856d8566ea9d61e7869
  • SHA256: 7d11e19dcc4a6891657f624485dfd6e3e0ed3f0cd1a4361cc922ebb95d7361ac
  • SHA512: 77459455e89eb954dfb943e9ee1544055fb6e010ff9050f3c4ac3aac2f655132183f9474755825647896df55457878f1b7f6d41b4aee19a99fd8ab775c035dcb
  • SSDEEP: 1536:OhrMBR29HM9mZ0kp08+vBUFrlYYnz7mrMSz+m4IsrMFPyKvn02bEb/zRWn6tlkpd:OhryR6sBkpznz5b7Rk6tlOwBINzgbY

Malware Config

Extracted

  • Family: snakekeylogger

Extracted Credentials

  • Protocol: smtp
  • Host: mail.sienkakupeste.com
  • Port: 587
  • Username: [email protected]
  • Password: 010203sienka++

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks