General

  • Target

    6779c558aa40040574565f2eb2e129185377c8b05a8e567650f5d5fa12562dea.exe

  • Size

    1009KB

  • Sample

    240912-hxrf3sxdme

  • MD5

    e687ec1ae50d62b2c1aca5c1840ee194

  • SHA1

    b873989a1ed588cfdaa59baaf3437ba04a0f9c46

  • SHA256

    6779c558aa40040574565f2eb2e129185377c8b05a8e567650f5d5fa12562dea

  • SHA512

    0d922da1588d25c11f57dc181848f947fbf746f1f39b1d7c61d362e0f9d99221a3ab682ef08d71879eed99b16a300592fd022874a100d5db658b9b6d71d9b3b5

  • SSDEEP

    24576:O4lavt0LkLL9IMixoEgeaivwKRV2YkHSFq9MmCS:5kwkn9IMHeaivtRkOaPCS

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7103143262:AAG465MUhsk82xbAoiKNfXs-PGi4dmGgzyE/sendMessage?chat_id=7337843299

Targets

    • Target

      6779c558aa40040574565f2eb2e129185377c8b05a8e567650f5d5fa12562dea.exe

    • Size

      1009KB

    • MD5

      e687ec1ae50d62b2c1aca5c1840ee194

    • SHA1

      b873989a1ed588cfdaa59baaf3437ba04a0f9c46

    • SHA256

      6779c558aa40040574565f2eb2e129185377c8b05a8e567650f5d5fa12562dea

    • SHA512

      0d922da1588d25c11f57dc181848f947fbf746f1f39b1d7c61d362e0f9d99221a3ab682ef08d71879eed99b16a300592fd022874a100d5db658b9b6d71d9b3b5

    • SSDEEP

      24576:O4lavt0LkLL9IMixoEgeaivwKRV2YkHSFq9MmCS:5kwkn9IMHeaivtRkOaPCS

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to or copying of a web browser credential store.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks