General

  • Target

    Teklifformu_Ekinoks LS 1087251 04-00000152.exe

  • Size

    545KB

  • Sample

    240925-qndgvsxenp

  • MD5

    752c58548ee76d6732517c7d9f829df8

  • SHA1

    2f17dd9ff173034bc12621c0b35a5b2128b30ad7

  • SHA256

    1c9a030db393a1bba1b147b39f3a612e2babe9594b406449d40cdcaf374d32cd

  • SHA512

    0061e07587eb8b2d3ee468bfb08bcc46087ff18621f758467d89965ea2a0441a990132be32d35161b4f6ed2e067354361b2034653079059fad765dcc53260c7e

  • SSDEEP

    12288:lrt8bQbCqT7OqsqehMWPdQ+ToC7F4CgPo5a4:UIXqqYhM4dFoSgw5a4

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
