General

  • Target

    FAKTURA_.EXE.exe

  • Size

    949KB

  • Sample

    240925-pt3hhawalp

  • MD5

    d5b3d11c19dcb6e3125415c0dedfe2b6

  • SHA1

    f4c8309c80c85b8d1316fb88a90102d81c3474fd

  • SHA256

    8248df24bfd99d9869ec94c4d3321b61171a3c5137921bdd254e40118c50d0b7

  • SHA512

    d1e9e87e82a29c4d24bc2ea25740032b93af7ee048309c9ed2e249578dca8b7558fe561fb25ec22eeceea62fb2b05607fad6c5eff724657612f12dc109f3f107

  • SSDEEP

    12288:CDN+hU6YasBZbnT9pf0K+Dg0I6d3oxs0P3hCYbVVUhyeb5zXre:CfBZbnJFx+Dp2FUjVz6

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    granjaarmengol.com
  • Port:
    587
  • Username:
    elisapujol@granjaarmengol.com
  • Password:
    28112811Ab

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    granjaarmengol.com
  • Port:
    587
  • Username:
    elisapujol@granjaarmengol.com
  • Password:
    28112811Ab
  • Email To:
    garyantonio0934@gmail.com

Targets

    • Target

      FAKTURA_.EXE.exe

    • Size

      949KB

    • MD5

      d5b3d11c19dcb6e3125415c0dedfe2b6

    • SHA1

      f4c8309c80c85b8d1316fb88a90102d81c3474fd

    • SHA256

      8248df24bfd99d9869ec94c4d3321b61171a3c5137921bdd254e40118c50d0b7

    • SHA512

      d1e9e87e82a29c4d24bc2ea25740032b93af7ee048309c9ed2e249578dca8b7558fe561fb25ec22eeceea62fb2b05607fad6c5eff724657612f12dc109f3f107

    • SSDEEP

      12288:CDN+hU6YasBZbnT9pf0K+Dg0I6d3oxs0P3hCYbVVUhyeb5zXre:CfBZbnJFx+Dp2FUjVz6

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
