General

  • Target

    052014ca9e8c3bb9f56c5b5fc0684b3e9b4109cd51b20bfaeffb25d5a5f038ae

  • Size

    6KB

  • Sample

    240927-lvqcsazamf

  • MD5

    d5fa21dbb9ba07ad7bcc0573b444523d

  • SHA1

    a5033454df4e3d451c9ea23583267ddd5e7e84cc

  • SHA256

    052014ca9e8c3bb9f56c5b5fc0684b3e9b4109cd51b20bfaeffb25d5a5f038ae

  • SHA512

    d6409f0b3675cd4b407887ef148e7eb5baf5f3308366e59eb99e07089217b36281f99f039788224bcfb42806a8a59170877be6f940a50e5a71a3c8d7cba547ce

  • SSDEEP

    96:3m0sGpi1tzJt68ZJuRV3ZIXz0R5QCjztWsElE1AvzNt:Ipta4ARV3Zs0fFjpWscEu5

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7212079649:AAHIRpk50BTgHwViJlADd3K83LBtWap8NNE/sendMessage?chat_id=6008123474

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
