General

  • Target

    INV#09SPI.7z

  • Size

    566KB

  • Sample

    240925-pwybkawbln

  • MD5

    38c175c431de422d71eca48650759f56

  • SHA1

    ce7f01c7a93da63ac3df98465ea695f7248bb748

  • SHA256

    f9cf875c2ed2392d21c718ae8b71f5f30ec0687776a23311d886a88fa0f3403d

  • SHA512

    2aacfe5c366e635fefe5afdc47d8287269b4917a6b88bdf5c0c3b72d8ba2bed16878e1ad0c364e662247147bccc3ab06e5cdf8c1cb93f2b64bc3785f9b5df398

  • SSDEEP

    12288:T+8YO+GDp+auXi7bwp5igB0uJj+RsTKw0rCz2ZHE:C5O1Me7bR8CsKwOCz5

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    pakcentar.ba
  • Port:
    587
  • Username:
    almir.kardas@pakcentar.ba
  • Password:
    Almir.KardasPC!18_
  • Email To:
    kingboy4moni@proton.me
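
The extracted SMTP configuration is the most actionable part of this report: it names the relay account, the submission port and the drop-box address the stealer sends harvested data to. The Python below is an added example, not tria.ge's code or anything recovered from the sample; it turns those values into a detection over outbound SMTP session records and maps file hashes back to the two artefacts above. The log format and the session lines are constructed for the example.

```python
"""Detection over outbound SMTP session records, keyed on the exfiltration
config tria.ge extracted from this Snake Keylogger sample.

Added example, not tria.ge's code or the malware's. The log format and the
session records below are constructed for the example.
"""
from dataclasses import dataclass

# Copied from the "Malware Config" section of the report.
EXFIL_HOST = "pakcentar.ba"
EXFIL_PORT = 587
EXFIL_SENDER = "almir.kardas@pakcentar.ba"     # relay account (third-party mailbox)
EXFIL_RECIPIENT = "kingboy4moni@proton.me"     # attacker-controlled drop box

# SHA256 of the two artefacts in the report: the archive and the dropped executable.
KNOWN_SHA256 = {
    "f9cf875c2ed2392d21c718ae8b71f5f30ec0687776a23311d886a88fa0f3403d": "INV#09SPI.7z",
    "3bd91515dfd11609bbac1c83dabdf5caede5c7556fb4f3823de320aa117af86b": "INV#09SPI.exe",
}

# Constructed SMTP session log (not from the report). One session per line:
# time|source host|destination host|destination port|MAIL FROM|RCPT TO
SAMPLE_SMTP_LOG = """\
2024-09-25T14:02:11Z|WS-0142|mail.example.com|587|alice@example.com|bob@partner.example
2024-09-25T14:05:47Z|WS-0142|pakcentar.ba|587|almir.kardas@pakcentar.ba|kingboy4moni@proton.me
2024-09-25T14:06:02Z|WS-0077|pakcentar.ba|587|Almir.Kardas@pakcentar.ba|KingBoy4Moni@proton.me
2024-09-25T14:09:30Z|WS-0301|pakcentar.ba|587|sales@pakcentar.ba|orders@example.com
2024-09-25T14:11:15Z|WS-0142|smtp.gmail.com|587|alice@example.com|kingboy4moni@proton.me
"""


@dataclass(frozen=True)
class Alert:
    time: str
    host: str          # endpoint that opened the SMTP session
    confidence: str    # "high", "medium" or "low"
    reasons: tuple     # IOC tags that fired, strongest first


def parse_session(line):
    """Split one log line into a dict; return None for malformed lines."""
    parts = line.strip().split("|")
    if len(parts) != 6:
        return None
    time, src, dst, port, mail_from, rcpt_to = parts
    try:
        port = int(port)
    except ValueError:
        return None
    # Addresses and hostnames are case-insensitive; normalise before matching.
    return {"time": time, "src": src, "dst": dst.lower(), "port": port,
            "mail_from": mail_from.lower(), "rcpt_to": rcpt_to.lower()}


def match_session(session):
    """Return the IOC tags that match one session, strongest indicator first."""
    tags = []
    if session["rcpt_to"] == EXFIL_RECIPIENT:
        tags.append("recipient")
    if session["mail_from"] == EXFIL_SENDER:
        tags.append("sender")
    if session["dst"] == EXFIL_HOST and session["port"] == EXFIL_PORT:
        tags.append("host_port")
    return tags


def confidence_for(tags):
    """The drop box is attacker-owned, so it alone is high confidence. The sender
    account and host belong to a third party that may also carry legitimate
    mail, so those alone rate lower."""
    if "recipient" in tags:
        return "high"
    if "sender" in tags:
        return "medium"
    return "low"


def scan_smtp_log(text):
    """Run every session through the IOC match and return the alerts in log order."""
    alerts = []
    for line in text.splitlines():
        session = parse_session(line)
        if session is None:
            continue
        tags = match_session(session)
        if tags:
            alerts.append(Alert(session["time"], session["src"],
                                confidence_for(tags), tuple(tags)))
    return alerts


def affected_hosts(alerts):
    """Endpoints to pull for triage, de-duplicated and sorted."""
    return sorted({a.host for a in alerts})


def known_artifact(sha256_hex):
    """Map a file's SHA256 back to the artefact named in the report, if any."""
    return KNOWN_SHA256.get(sha256_hex.lower())


if __name__ == "__main__":
    found = scan_smtp_log(SAMPLE_SMTP_LOG)
    for a in found:
        print(f"{a.time} {a.host:8} {a.confidence:6} {', '.join(a.reasons)}")
    print("hosts to triage:", affected_hosts(found))
```

Two caveats when using this. The username is a mailbox at pakcentar.ba, which is most likely a legitimate account the operator compromised to relay stolen data, so the proton.me recipient is the cleaner indicator and blocking the relay domain outright can hit genuine correspondence (the example rates a host:port-only hit as low confidence for that reason). And 587 is the STARTTLS submission port, so MAIL FROM and RCPT TO are normally only visible at the endpoint or at a TLS-inspecting mail gateway, not in passive network capture; feed this from those sources rather than from flow logs.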

Targets

    • Target

      [[-Domain-]] INV#09SPI.exe

    • Size

      942KB

    • MD5

      5c10967b59a71f6a98598350c49cc44b

    • SHA1

      27a239efb62d33a5f70c8bf1759b7a81349d88b8

    • SHA256

      3bd91515dfd11609bbac1c83dabdf5caede5c7556fb4f3823de320aa117af86b

    • SHA512

      113a637cbef3b5137568523285ec654f273105c5339483831f7167488c7ff403a92e15036f94390c8c03a2921b580e7c2076ad5ae8c1685e8b4e65e5e86e9fc6

    • SSDEEP

      24576:uRmJkcoQricOIQxiZY1iaCYcFJspLKDmG:7JZoQrbTFZY1iaCYcbsp0

    • Snake Keylogger

      Keylogger and infostealer, first seen in November 2020.

    • Snake Keylogger payload

    • Accesses Microsoft Outlook profiles

      Outlook profiles hold saved mail account settings and credentials, a standard target for credential-stealing malware.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is a common step in process injection (process hollowing included); the signature flags the API use, not a confirmed injection.
