General

  • Target

    INV#09SPI.7z

  • Size

    566KB

  • Sample

    240925-pwybkawbln

  • MD5

    38c175c431de422d71eca48650759f56

  • SHA1

    ce7f01c7a93da63ac3df98465ea695f7248bb748

  • SHA256

    f9cf875c2ed2392d21c718ae8b71f5f30ec0687776a23311d886a88fa0f3403d

  • SHA512

    2aacfe5c366e635fefe5afdc47d8287269b4917a6b88bdf5c0c3b72d8ba2bed16878e1ad0c364e662247147bccc3ab06e5cdf8c1cb93f2b64bc3785f9b5df398

  • SSDEEP

    12288:T+8YO+GDp+auXi7bwp5igB0uJj+RsTKw0rCz2ZHE:C5O1Me7bR8CsKwOCz5

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      [[-Domain-]] INV#09SPI.exe

    • Size

      942KB

    • MD5

      5c10967b59a71f6a98598350c49cc44b

    • SHA1

      27a239efb62d33a5f70c8bf1759b7a81349d88b8

    • SHA256

      3bd91515dfd11609bbac1c83dabdf5caede5c7556fb4f3823de320aa117af86b

    • SHA512

      113a637cbef3b5137568523285ec654f273105c5339483831f7167488c7ff403a92e15036f94390c8c03a2921b580e7c2076ad5ae8c1685e8b4e65e5e86e9fc6

    • SSDEEP

      24576:uRmJkcoQricOIQxiZY1iaCYcFJspLKDmG:7JZoQrbTFZY1iaCYcbsp0

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Commonly seen when a loader redirects a suspended thread into code it has written into another process (process hollowing/injection); the sandbox flags the call rather than the technique itself.
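
To confirm that a copy of this sample obtained elsewhere is the same file tria.ge analysed, the following Python script (added here as an example; it is not part of the tria.ge report) recomputes the MD5, SHA1, SHA256 and SHA512 digests and compares them with the values recorded above for both the submitted archive and the extracted payload. SSDEEP is left out because it is not in the standard library. The file labels used as dictionary keys and the byte string in the command-line demo are assumptions for illustration.

```python
import hashlib
import sys

# Digests as recorded on this report page for sample 240925-pwybkawbln.
# Keys are the file names shown on the page, used here only as labels.
EXPECTED = {
    "INV#09SPI.7z": {
        "md5": "38c175c431de422d71eca48650759f56",
        "sha1": "ce7f01c7a93da63ac3df98465ea695f7248bb748",
        "sha256": "f9cf875c2ed2392d21c718ae8b71f5f30ec0687776a23311d886a88fa0f3403d",
        "sha512": "2aacfe5c366e635fefe5afdc47d8287269b4917a6b88bdf5c0c3b72d8ba2bed1"
                  "6878e1ad0c364e662247147bccc3ab06e5cdf8c1cb93f2b64bc3785f9b5df398",
    },
    "INV#09SPI.exe": {
        "md5": "5c10967b59a71f6a98598350c49cc44b",
        "sha1": "27a239efb62d33a5f70c8bf1759b7a81349d88b8",
        "sha256": "3bd91515dfd11609bbac1c83dabdf5caede5c7556fb4f3823de320aa117af86b",
        "sha512": "113a637cbef3b5137568523285ec654f273105c5339483831f7167488c7ff403"
                  "a92e15036f94390c8c03a2921b580e7c2076ad5ae8c1685e8b4e65e5e86e9fc6",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Return hex digests of the given bytes for every algorithm in ALGORITHMS."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hash a file in chunks so a large sample is never read into memory at once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def check_against(actual: dict, expected: dict) -> list:
    """Return the sorted names of algorithms whose digest differs from the
    expected value; an empty list means every expected digest matched.
    Comparison is case-insensitive because tools differ in digest case."""
    return sorted(
        name for name, want in expected.items()
        if actual.get(name, "").lower() != want.lower()
    )


def verify_sample(data: bytes, label: str) -> list:
    """Compare in-memory bytes against the page's recorded digests for `label`."""
    return check_against(hash_bytes(data), EXPECTED[label])


if __name__ == "__main__":
    # Usage: python verify_hashes.py <label> <path>
    # e.g.   python verify_hashes.py INV#09SPI.exe ./payload.bin
    if len(sys.argv) != 3 or sys.argv[1] not in EXPECTED:
        print("usage: verify_hashes.py {%s} <path>" % "|".join(EXPECTED))
        sys.exit(2)
    mismatches = check_against(hash_file(sys.argv[2]), EXPECTED[sys.argv[1]])
    print("match" if not mismatches else "MISMATCH: " + ", ".join(mismatches))
    sys.exit(0 if not mismatches else 1)
```

A single differing algorithm is itself a finding: if SHA256 matches but MD5 does not, the expected values were copied incorrectly; if all four differ, you have a different file (for example a re-packed or re-archived copy) and should treat the page's indicators as not applying to it.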

MITRE ATT&CK Enterprise v15

Tasks