Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

f643942efa...18.exe

windows7-x64

10

f643942efa...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f643942efa7d97d1b4c11647f6b3aab1_JaffaCakes118

  • Size

    701KB

  • Sample

    240925-sch93s1frr

  • MD5

    f643942efa7d97d1b4c11647f6b3aab1

  • SHA1

    626fca231aff717034528e652c10b3e2bea090e8

  • SHA256

    c6a501bc242f79307d9f1499cbd72337e902928f1e6ead7dbc035d0a77aaec1c

  • SHA512

    c15269413e4f8b59f867e552e370a9bd46ab6d0ea8f52a017d8d23551e686eba6af22b4fa73b9dd2156206ad4e79376318fb1efc38d78ddabf7ef942ceed26c0

  • SSDEEP

    12288:RIwVpvmNp+nin+nin+niyMo38XEkQKL4hN3Iu4Cxtf7xSQAWNV+niu:R7jONp+in+in+iPo38X6Zb3IuNrTxS8P

Score
10/10
snakekeyloggercollectioncredential_accessdiscoverykeyloggerspywarestealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:     smtp
  • Host:
    mail.chrismehat.com
  • Port:
    587
  • Username:
    kelly1@chrismehat.com
  • Password:
    gHd(;8F#)aHE

Targets

    • Target

      f643942efa7d97d1b4c11647f6b3aab1_JaffaCakes118

    • Size

      701KB

    • MD5

      f643942efa7d97d1b4c11647f6b3aab1

    • SHA1

      626fca231aff717034528e652c10b3e2bea090e8

    • SHA256

      c6a501bc242f79307d9f1499cbd72337e902928f1e6ead7dbc035d0a77aaec1c

    • SHA512

      c15269413e4f8b59f867e552e370a9bd46ab6d0ea8f52a017d8d23551e686eba6af22b4fa73b9dd2156206ad4e79376318fb1efc38d78ddabf7ef942ceed26c0

    • SSDEEP

      12288:RIwVpvmNp+nin+nin+niyMo38XEkQKL4hN3Iu4Cxtf7xSQAWNV+niu:R7jONp+in+in+iPo38X6Zb3IuNrTxS8P

    Score
    10/10
    snakekeyloggercollectioncredential_accessdiscoverykeyloggerspywarestealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.