General

  • Target

    3091345040789f001381782c5332ff95_JaffaCakes118

  • Size

    606KB

  • Sample

    241010-sss48axgkq

  • MD5

    3091345040789f001381782c5332ff95

  • SHA1

    39980487c86823efeb2b079c6a40bf2f33c88edd

  • SHA256

    37722ebd458649670d3086a4d32bcbf66f33fc670ed1da04a4e187c240119d78

  • SHA512

    a97b964ef904afe4b79bc6d963e2410ff832fdb642405be0d8cb6dfc6a2c1671f309e0ec2988cbd2a28a0f6a884644ac8302aa7a652b8d69ef8787c9a73325de

  • SSDEEP

    12288:alzAKpxUbXUHqH6EU6/6IU6bbdyxdooMp:alDpxIXUKH6E9/6IU6bbdyxd7Mp
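Before relying on this report for a file you obtained elsewhere, confirm it is the same sample. The digest check below is an added example and not part of the tria.ge report; it recomputes every digest the report lists in one pass over the data and reports each mismatch. The reported values are copied from the General section; the `b"abc"` input in the usage is constructed test data, not the sample. SSDEEP is not in the standard library and is a similarity score rather than an identity check, so it is deliberately left out.

```python
"""Added example (not part of the tria.ge report): verify that a file on hand is
the sample this report describes by recomputing every listed digest in a single
pass and diffing the result against the reported values."""
import hashlib

# Digests copied from the report's General section.
REPORTED = {
    "md5": "3091345040789f001381782c5332ff95",
    "sha1": "39980487c86823efeb2b079c6a40bf2f33c88edd",
    "sha256": "37722ebd458649670d3086a4d32bcbf66f33fc670ed1da04a4e187c240119d78",
    "sha512": "a97b964ef904afe4b79bc6d963e2410ff832fdb642405be0d8cb6dfc6a2c1671"
              "f309e0ec2988cbd2a28a0f6a884644ac8302aa7a652b8d69ef8787c9a73325de",
}


def _digest_blocks(blocks, algorithms):
    """Feed every block to every hasher so a large file is read only once."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for block in blocks:
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes, algorithms=tuple(REPORTED), chunk_size=1 << 16) -> dict:
    """Digest an in-memory blob; chunked so the same path handles big samples."""
    blocks = (data[i:i + chunk_size] for i in range(0, len(data), chunk_size))
    return _digest_blocks(blocks, algorithms)


def digest_path(path: str, algorithms=tuple(REPORTED), chunk_size=1 << 16) -> dict:
    """Digest a file on disk without loading it whole."""
    with open(path, "rb") as fh:
        return _digest_blocks(iter(lambda: fh.read(chunk_size), b""), algorithms)


def verify_sample(data: bytes, expected=REPORTED):
    """Return (matches, mismatches).

    All listed algorithms are compared, not MD5 alone: MD5 and SHA-1 are
    collision-prone, so a match on them only is weak evidence of identity.
    Hex case is normalised because tools and reports differ in it.
    """
    actual = digest_bytes(data, tuple(expected))
    mismatches = {
        name: {"expected": expected[name].lower(), "actual": actual[name]}
        for name in expected
        if expected[name].lower() != actual[name]
    }
    return (not mismatches, mismatches)


if __name__ == "__main__":
    # Constructed input, not the sample: every digest is expected to mismatch.
    ok, bad = verify_sample(b"abc")
    print("match" if ok else f"mismatch on {sorted(bad)}")
```

To check a real file, call `verify_sample(open(path, "rb").read())` or compare `digest_path(path)` against `REPORTED`; a mismatch on any one algorithm means it is not this sample, whatever the file name says.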

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.top-semi.xyz
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    saV#jXYoE9
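The extracted SMTP configuration is the most actionable part of the report: the host and port are what the stealer contacts to deliver harvested credentials. The script below is an added example, not part of the tria.ge report, showing how to turn that configuration into a detection over Sysmon telemetry (Event ID 3 network connections and Event ID 22 DNS queries). The event records, process paths and the mail-client allowlist are constructed for the example; only the host and port come from the report.

```python
"""Added example (not part of the tria.ge report): match the SMTP exfil
configuration extracted from this Snake Keylogger sample against Sysmon
telemetry.  Event ID 3 = network connection, Event ID 22 = DNS query.
All event records below are constructed for the example, not real logs."""
import ipaddress

# Exfil destination taken from the report's Credentials block.
IOC_HOST = "smtp.top-semi.xyz"
IOC_PORT = 587

# Assumption: processes that legitimately use SMTP submission on this estate.
MAIL_CLIENT_ALLOWLIST = {"outlook.exe", "thunderbird.exe"}

# Constructed records.  Field names follow Sysmon's event schema; the process
# paths and the resolved address are invented for illustration.
SUSPECT_IMAGE = r"C:\Users\bob\AppData\Roaming\svchost.exe"
OUTLOOK_IMAGE = r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"
SAMPLE_EVENTS = [
    {"EventID": 22, "Image": SUSPECT_IMAGE, "QueryName": "smtp.top-semi.xyz",
     "QueryResults": "type:  5 smtp.top-semi.xyz;::ffff:203.0.113.10;"},
    {"EventID": 3, "Image": SUSPECT_IMAGE, "DestinationHostname": "smtp.top-semi.xyz",
     "DestinationIp": "203.0.113.10", "DestinationPort": 587},
    {"EventID": 3, "Image": OUTLOOK_IMAGE, "DestinationHostname": "smtp.office365.com",
     "DestinationIp": "52.96.0.1", "DestinationPort": 587},
    # Later connection with no reverse name: only the earlier DNS answer ties it to the IOC.
    {"EventID": 3, "Image": SUSPECT_IMAGE, "DestinationHostname": "",
     "DestinationIp": "203.0.113.10", "DestinationPort": 587},
]


def _ips_from_query_results(field: str) -> set:
    """Sysmon's QueryResults is ';'-separated, mixes CNAME/type entries with
    addresses, and writes IPv4 answers as '::ffff:a.b.c.d'."""
    ips = set()
    for part in field.split(";"):
        part = part.strip()
        if part.startswith("::ffff:"):
            part = part[len("::ffff:"):]
        try:
            ips.add(str(ipaddress.ip_address(part)))
        except ValueError:
            continue  # not an address (e.g. 'type:  5 name')
    return ips


def match_events(events, host=IOC_HOST, port=IOC_PORT):
    """Strong signal: a DNS query for the exfil host, or a connection to it by
    name or by an address the host resolved to earlier in the stream."""
    resolved = set()
    hits = []
    for ev in events:
        image = ev.get("Image", "")
        if ev.get("EventID") == 22 and ev.get("QueryName", "").lower() == host:
            resolved |= _ips_from_query_results(ev.get("QueryResults", ""))
            hits.append(("dns", image, host))
        elif ev.get("EventID") == 3:
            dst_host = ev.get("DestinationHostname", "").lower()
            dst_ip = ev.get("DestinationIp", "")
            dport = ev.get("DestinationPort")
            if dst_host == host or (dst_ip in resolved and dport == port):
                hits.append(("connect", image, f"{dst_ip}:{dport}"))
    return hits


def unexpected_smtp_clients(events, port=IOC_PORT, allowlist=MAIL_CLIENT_ALLOWLIST):
    """Weaker, behavioural signal that survives a change of C2 host: any
    process outside the allowlist that opens a connection to the submission
    port, whatever the destination."""
    suspects = set()
    for ev in events:
        if ev.get("EventID") == 3 and ev.get("DestinationPort") == port:
            image = ev.get("Image", "")
            if image.rsplit("\\", 1)[-1].lower() not in allowlist:
                suspects.add(image)
    return sorted(suspects)


if __name__ == "__main__":
    for kind, image, target in match_events(SAMPLE_EVENTS):
        print(f"IOC {kind:7} {image} -> {target}")
    for image in unexpected_smtp_clients(SAMPLE_EVENTS):
        print(f"non-mail-client SMTP: {image}")
```

The IP correlation depends on seeing the DNS answer before the connection; a cached answer or DNS over HTTPS produces no Event 22, which is why the behavioural check is kept alongside the IOC match. Port 587 alone is noisy on any host running a mail client, so the allowlist, not the port, carries that rule.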

Targets

    • Target

      3091345040789f001381782c5332ff95_JaffaCakes118

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Accesses Microsoft Outlook profiles

      Reads stored Outlook profile data, which holds saved mail account settings and credentials.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another (typically suspended) process is the hallmark of process hollowing and thread hijacking: the payload is written into the victim process and its entry point redirected.

MITRE ATT&CK Enterprise v15

Tasks