General

  • Target

    07082024_0854_06082024_MT OMEGA STAR 1 PARTICULARS.zip

  • Size

    399KB

  • Sample

    240807-kt7d8swclj

  • MD5

    a5568d6882bbc11f0fe68eec6d57ac61

  • SHA1

    61752f596d852e1dae396f29b4fa83a4ec25e40f

  • SHA256

    7342c43dc0d3274686cdd6bb54f38f1b45b5ed832d8c994897837f8a531d78ee

  • SHA512

    cc04d4e99e2e5212929bf2d47749d84a209c54816e2e1ee3e23654b361cdc5f34b84b5ea6c18adf5ce1f553486da5ce067d7a10e841f599e0fa6100b3669eaab

  • SSDEEP

    12288:HVzwIp8mwvhbWuJVfbiZQWqiDzrDDXOnTS:H8D0sVfbizn6nTS

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      MT OMEGA STAR 1 PARTICULARS.exe

    • Size

      754KB

    • MD5

      a5a69fd57688509aa88ed7ab13f32a31

    • SHA1

      6485c6faa015fef17ab05948a165b280523715b8

    • SHA256

      da5fb510778b8236104d890365e5c17afcdfd94ebefd15afe2f9a41636eb6dbf

    • SHA512

      299a5e32a46a942301148689cefceeddfdd03f6d1ff5a68893c064b2f6bae2fccae39977bb55692f6ba083a230e38de27bd87d2757c188888c3207630e202f5d

    • SSDEEP

      12288:UNta0s5YgbYRFryttzL9rxK+3rV5zesI3ZaqeE6Fg5cZe/e73X2Z:TL3cRFryttzLzl3DdIpa9Ekfqa3X2Z

    • Snake Keylogger

      A keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser's credential store.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
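The signatures above describe behaviours (reads of browser and email credential stores, an Outlook profile lookup, an external IP lookup) rather than detection logic. The following Python script is an added example, not part of the Triage report and not Snake Keylogger code: it runs a minimal version of those checks over constructed sandbox-style events and flags a process that both touches a credential store and resolves an IP lookup host. The event format, the set of IP lookup hosts and the credential-store path patterns are assumptions made for the example; the process name is the dropped file named in this report.

```python
"""Behaviour triage over constructed sandbox-style events (added example)."""
import re
from collections import defaultdict

# Assumed set of well-known external IP lookup hosts (not taken from the report).
IP_LOOKUP_HOSTS = {
    "checkip.dyndns.org",
    "api.ipify.org",
    "icanhazip.com",
    "ifconfig.me",
    "ipinfo.io",
}

# Assumed on-disk credential/profile stores that infostealers commonly read.
# Each pattern is matched case-insensitively against the full Windows path.
CRED_STORE_PATTERNS = {
    "chromium_login_data": re.compile(r"\\User Data\\[^\\]+\\Login Data$", re.I),
    "firefox_logins": re.compile(
        r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", re.I),
    "outlook_data_file": re.compile(r"\\Microsoft\\Outlook\\[^\\]+\.(pst|ost)$", re.I),
    "thunderbird_profile": re.compile(r"\\Thunderbird\\Profiles\\", re.I),
}

# Outlook account profiles live in the registry, not on disk.
OUTLOOK_PROFILE_KEY = re.compile(r"\\Office\\[\d.]+\\Outlook\\Profiles\\", re.I)


def classify_event(ev):
    """Return a behaviour tag for one event, or None if it is uninteresting."""
    kind, target = ev["type"], ev["target"]
    if kind == "dns_query" and target.lower().rstrip(".") in IP_LOOKUP_HOSTS:
        return "external_ip_lookup"
    if kind == "file_read":
        for tag, pattern in CRED_STORE_PATTERNS.items():
            if pattern.search(target):
                return tag
    if kind == "registry_query" and OUTLOOK_PROFILE_KEY.search(target):
        return "outlook_profile"
    return None


def triage(events):
    """Group behaviour tags by (pid, image); tags are returned sorted."""
    findings = defaultdict(set)
    for ev in events:
        tag = classify_event(ev)
        if tag:
            findings[(ev["pid"], ev["image"])].add(tag)
    return {proc: sorted(tags) for proc, tags in findings.items()}


def suspicious_processes(findings):
    """A process that reads any credential store AND looks up its external IP."""
    out = []
    for proc, tags in findings.items():
        reads_store = any(t != "external_ip_lookup" for t in tags)
        if reads_store and "external_ip_lookup" in tags:
            out.append(proc)
    return sorted(out)


# Constructed events: one stealer-like process, a browser reading its own
# store (benign on its own) and an unrelated DNS query.
SAMPLE_EVENTS = [
    {"pid": 4120, "image": "MT OMEGA STAR 1 PARTICULARS.exe", "type": "file_read",
     "target": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "image": "MT OMEGA STAR 1 PARTICULARS.exe", "type": "file_read",
     "target": r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3.default-release\logins.json"},
    {"pid": 4120, "image": "MT OMEGA STAR 1 PARTICULARS.exe", "type": "registry_query",
     "target": r"HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"pid": 4120, "image": "MT OMEGA STAR 1 PARTICULARS.exe", "type": "dns_query",
     "target": "checkip.dyndns.org"},
    {"pid": 1234, "image": "chrome.exe", "type": "file_read",
     "target": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 5678, "image": "explorer.exe", "type": "dns_query",
     "target": "www.microsoft.com"},
]

if __name__ == "__main__":
    found = triage(SAMPLE_EVENTS)
    for proc, tags in found.items():
        print(proc, tags)
    print("suspicious:", suspicious_processes(found))
```

Requiring both a credential-store read and an IP lookup before flagging keeps a browser reading its own profile out of the result; the IP lookup alone is legitimate traffic for plenty of software, which is why it is a weak signal on its own and a strong one in combination.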

MITRE ATT&CK Enterprise v15

Tasks