General

  • Target

    2.exe

  • Size

    678KB

  • Sample

    230825-meb1wsce6t

  • MD5

    0891828f1502941749122ed54cd6897d

  • SHA1

    bd4d8ce5e687c6473e7ec4d72311c5e2c6852d75

  • SHA256

    25f7c89c3dcc8b8076ca12cc9365de1c43f3ead9f73fce80ec1ef307cb5f06b5

  • SHA512

    fc9d9e73b720fee646cd3a95e5a1fcdd91824b7b8ccdfd910d68721b9bf9f4da4c76b59e7210b999393d4684e8b6703c899b5de9d83b12ceab67384efaa78381

  • SSDEEP

    12288:p8cVVgE3VPMwSnJfsGaYiQKiAysmST4TQ10/hJP05:ecbgGTSJEGOVym4M605

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6698608019:AAEr3w3gmqUN6-QUxCNnkSYZbMXOSFZ3FDo/sendMessage?chat_id=5732008790

Targets

    • Target

      2.exe

    • Size

      678KB

    • MD5

      0891828f1502941749122ed54cd6897d

    • SHA1

      bd4d8ce5e687c6473e7ec4d72311c5e2c6852d75

    • SHA256

      25f7c89c3dcc8b8076ca12cc9365de1c43f3ead9f73fce80ec1ef307cb5f06b5

    • SHA512

      fc9d9e73b720fee646cd3a95e5a1fcdd91824b7b8ccdfd910d68721b9bf9f4da4c76b59e7210b999393d4684e8b6703c899b5de9d83b12ceab67384efaa78381

    • SSDEEP

      12288:p8cVVgE3VPMwSnJfsGaYiQKiAysmST4TQ10/hJP05:ecbgGTSJEGOVym4M605

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, and infostealers often target it there.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
