General

  • Target: 14d75bf0f922ed0de2b05334b3eedeb1f762347f198b0b36c3c56807cfe34e3d
  • Size: 580KB
  • Sample: 241013-j1px4awepf
  • MD5: 50a72bdb6e0977bf055acaab04f857c0
  • SHA1: a8968ae6909ff8e093bab35ebfebb629c767d016
  • SHA256: 14d75bf0f922ed0de2b05334b3eedeb1f762347f198b0b36c3c56807cfe34e3d
  • SHA512: 1f8a7a53c89cff4090699018ee412f41687306c8f6545fc3090b4dbddb81e39aacd080059239cd39afec5313f129794ebb8d2903e4f79d4e16b2b6d969e0d116
  • SSDEEP: 12288:004EpvXkzZIwNLllXQaw5I9ncDl5ixr+oqwByRPGGClvCfWN44:004waIKRQazncDlw+oXv+IV

Malware Config

Extracted

  • Family: snakekeylogger
  • Credentials:

Targets

    • Target: Shipping Documents_pdf.exe
    • Size: 1.1MB
    • MD5: d696ff10344001019fdba47183cc496c
    • SHA1: 2c2c34a60253de99e5b46e999877cd84ef9964f5
    • SHA256: edd9ba7dee624d71aca582cd72c90bb9cf739eb6e21f822368a5a5eb9e7d5bf6
    • SHA512: a7de62d8d78116751a0c43eac93c986d87d80c20c027a88881f51b1d305e8029f4cfba6be21e7b426785a5efd37ea401096a341461a8286edb3d006dbcb1cbf0
    • SSDEEP: 24576:PCdxte/80jYLT3U1jfsWa71UCbzeA6tiSS5Q:Ow80cTsjkWaBXOVd

    Signatures

    • Snake Keylogger: Keylogger and Infostealer first seen in November 2020.
    • Snake Keylogger payload
    • Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks