General

  • Target

    c6363352dbd9a9f85ed71a7cb80212b8a98a9d6fe47b0f6fe7fa923a9624aea9

  • Size

    691KB

  • Sample

    241221-vr467stpbt

  • MD5

    6525acadcb786f4880a28db2d1b956e2

  • SHA1

    b2a112cc99e9c792f29f53bbbdb079a3d50652c9

  • SHA256

    c6363352dbd9a9f85ed71a7cb80212b8a98a9d6fe47b0f6fe7fa923a9624aea9

  • SHA512

    b9f67bd840431f6e961b23b9738c3f5163832344d10d92c8cfedae52e3122e6b29d36cdc08ed38813e2d35481a92507e03a405a738a83fe7fc0d063a0d03a3e8

  • SSDEEP

    12288:NeDjzdXlXcZG5hQQPzH6L0Ndj+TjBw+0Akzlznv7lGU4HBgrF:UPBXldQmH6YPj89kzlzod25

Malware Config

Extracted

  • Family

    snakekeylogger

  • Credentials

Targets

    • Target

      a888f1a58c8c2ab3a2ae32743d0362fe01f145e76b4196c21b9c2bafc978e7fb.exe

    • Size

      859KB

    • MD5

      bcf8d2128e7b649547415c5a4ef2ffac

    • SHA1

      1bef99869a0503d3b377d6fe43a37586e98b29de

    • SHA256

      a888f1a58c8c2ab3a2ae32743d0362fe01f145e76b4196c21b9c2bafc978e7fb

    • SHA512

      d57f3ebcf502364c713e2162bfda6c5162f1338f90c717e64cfce5049e888882bbf6ffd6815980042cdf6ac22118ede55b1e0db2737f965b56e7ebf6b2b14da6

    • SSDEEP

      12288:RIhBKv12iN0GqEMyabkvsX/I3/NzRc92wraKHkXRIBxML8wyQfdcb:R6M116hldIVO2w/kX+MLLfd

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, and infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files (MITRE ATT&CK T1552.001).

    • Accesses Microsoft Outlook profiles

      Outlook stores mail account profiles in the registry, where saved account settings and credentials can be read.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used to redirect a thread into injected code (for example in process hollowing); on its own it is a heuristic indicator, not proof of injection.
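The signatures above are behavioural: each fires when a sandbox event (file read, registry read, HTTP request, API call) touches a location an infostealer cares about. The following is an added example, not tria.ge's signature engine and not data from this sample: a small Python triage script that maps constructed sandbox events to the signature names used on this page. The rule table, the well-known paths it matches (FileZilla XML files, Chromium "Login Data", Outlook profile keys, checkip.dyndns.org) and the event log are all assumptions written for illustration.

```python
"""Toy behavioural triage: map sandbox events to the signature names used in
the report above. Rules, paths and events are constructed for illustration;
this is not tria.ge's signature logic and the events are not from the sample."""
import re
from collections import defaultdict

# Constructed rule table: signature name -> (event type, regex on event target).
# The paths/keys are well-known locations, not extracted from this sample.
RULES = {
    "Reads data files stored by FTP clients": (
        "file_read", re.compile(r"\\FileZilla\\(recentservers|sitemanager)\.xml$", re.I)),
    "Reads user/profile data of local email clients": (
        "file_read", re.compile(r"\\Thunderbird\\Profiles\\.*\\(logins\.json|key4\.db)$", re.I)),
    "Reads user/profile data of web browsers": (
        "file_read", re.compile(r"\\User Data\\[^\\]+\\(Login Data|Cookies)$", re.I)),
    "Accesses Microsoft Outlook profiles": (
        "reg_read", re.compile(r"\\Software\\Microsoft\\Office\\\d+\.\d\\Outlook\\Profiles", re.I)),
    "Looks up external IP address via web service": (
        "http", re.compile(r"^https?://(checkip\.dyndns\.org|api\.ipify\.org)", re.I)),
    "Suspicious use of SetThreadContext": (
        "api", re.compile(r"^SetThreadContext$")),
}

# Signatures that represent credential access (as opposed to exfil/injection).
CREDENTIAL_SIGS = {
    "Reads data files stored by FTP clients",
    "Reads user/profile data of local email clients",
    "Reads user/profile data of web browsers",
    "Accesses Microsoft Outlook profiles",
}

# Constructed sample event log as (pid, event type, target); not real sandbox output.
EVENTS = [
    (1234, "file_read", r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"),
    (1234, "file_read", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (1234, "reg_read", r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    (1234, "http", "http://checkip.dyndns.org/"),
    (1234, "api", "SetThreadContext"),
    (1234, "file_read", r"C:\Windows\System32\kernel32.dll"),  # benign noise
    (4321, "http", "https://www.microsoft.com/"),              # benign noise
]


def match_events(events, rules=RULES):
    """Return {signature name: [targets that triggered it]} for the given events."""
    hits = defaultdict(list)
    for _pid, etype, target in events:
        for name, (rule_type, pattern) in rules.items():
            if etype == rule_type and pattern.search(target):
                hits[name].append(target)
    return dict(hits)


def verdict(hits):
    """Crude heuristic (an assumption of this example, not a tria.ge score):
    credential-access signatures alone are weak evidence, so require at least
    two of them plus an IP lookup or thread-context manipulation before
    calling the run an infostealer."""
    cred = len(CREDENTIAL_SIGS & set(hits))
    exfil_or_inject = {"Looks up external IP address via web service",
                       "Suspicious use of SetThreadContext"} & set(hits)
    if cred >= 2 and exfil_or_inject:
        return "likely infostealer"
    if cred or exfil_or_inject:
        return "suspicious"
    return "inconclusive"


if __name__ == "__main__":
    found = match_events(EVENTS)
    for name, targets in found.items():
        print(f"[+] {name}")
        for t in targets:
            print(f"      {t}")
    print("verdict:", verdict(found))
```

The benign events (a system DLL read and an HTTP request to a vendor site) are there on purpose: a practitioner tuning such rules should confirm they do not fire on ordinary activity, and that a single credential-store read by itself stays below the "likely infostealer" threshold.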

MITRE ATT&CK Enterprise v15

Tasks