General

  • Target

    f696ead7eba6d5df7a2016b5fd193e9e_JaffaCakes118

  • Size

    792KB

  • Sample

    240417-y4r9ysee7t

  • MD5

    f696ead7eba6d5df7a2016b5fd193e9e

  • SHA1

    3cf4cf17c5c2347721570f1df0d710133fb65413

  • SHA256

    d1503ceac0fde6e0979d6ba3f6fba34ebdc3fb4ca5f785757e8ef45383b9273d

  • SHA512

    1013c7405fca15e1c8759ff049de21cfa85aeb3ba15294690b396b6fb165648d10868efc86b9c84a458617a5444c769e2ca86cc600de58b98a97abb620d44073

  • SSDEEP

    12288:UPWID8VeuWJO7G/LWmHut5CqDm1kBB4XIMF9GHsoY+K2NeJ/b/XaO8gWSFK+pJSC:UuID8moGTJQ5xn4XIdM+KK4jiT0FK+p

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks