Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
26092024_0509_25092024_Oficio_Pagamento_Por_Reg.pdf.zip
-
Size
499KB
-
Sample
240926-ftmydazamk
-
MD5
8a25d4c00ade5e0f3e91d655aaa0e1d2
-
SHA1
2c4eadbc992a7c7e6e2affb1c5799c84bdd7f4c6
-
SHA256
076cff7f23ef4560af258b930ecc0f43654d86e754314557238a3edb1191f63a
-
SHA512
f40f241a3d3710afff882fca0372e56973cd14abecc79c6a014742deb5f18a48d6a522858addefb1a96ca6115e291c643d0481aef867bb7db5487555e470a9f4
-
SSDEEP
12288:e9RypFWssSaIuEk8WAeueuA2ocSKw7+TubKmcUVvliN:CMFFsinWjZuTS5yTupcYdiN
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
smtp.securemail.pro - Port:
587 - Username:
[email protected] - Password:
jrpM0Y5k - Email To:
[email protected]
Targets
-
-
Target
Yx3p9h2BuT3fGLE.pif
-
Size
556KB
-
MD5
49dd86eee043ea73a894b42b4c6a4f6f
-
SHA1
69f67588f4dc75fb5fbc691058bc48893db544c3
-
SHA256
891a20a58690590fbd03bcb8954a327fbb069dc8f3bdba12b2bf29570eabefd7
-
SHA512
70a956db957917d54a53bdc34410c5c308433d9d05c283522d29a8d02649a898a7d8576515010c22610338a5cb44967494ad191463c0aa6b44df700c99bd290b
-
SSDEEP
12288:UF5pr/s0/DK2GsSiIKEkgWQeqeuseocKE692O8bQbmkR:AZs+DKdsQfWzNuhKEhI9
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-