General

  • Target: Swift_Payment_Copy.s͏x͏l͏x͏.exe
  • Size: 2.2MB
  • Sample: 240809-h46vcaxgjm
  • MD5: 5bf9c004691c7497b5e94f131ae0b40f
  • SHA1: 21b9a8c455fdab04bd71c0a26e5877cfe8ddb999
  • SHA256: 67285edd0d6730914d31dc4a0ffa9e7f43587a9051186beffd242b9a0621f0cf
  • SHA512: 963797faf17c4078c80893640f7dc12123bdc51ebad78171e23c7f6b2599c06f361baf3dca55126d1e2fab44422c383fb3a08fcad750c5a7d766b069a6509f5d
  • SSDEEP: 49152:5WiP0wV0hJ5VGx6ODJ1+qEtWX33oG1Sdhopo:dVUcBabPmo

Malware Config

Extracted

  • Family: snakekeylogger
  • C2: https://api.telegram.org/bot7326718143:AAHCoPbdl01YWgtL8Z76U43CTNQwWuaC5Lk/sendMessage?chat_id=7121607304

Targets

    • Target: Swift_Payment_Copy.s͏x͏l͏x͏.exe

    • Snake Keylogger: Keylogger and Infostealer first seen in November 2020.
    • Snake Keylogger payload
    • Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks