General

  • Target: JaffaCakes118_c368da96b56b5584411d55c00c55a4b0
  • Size: 1.0MB
  • Sample: 250109-kb5spaxjdr
  • MD5: c368da96b56b5584411d55c00c55a4b0
  • SHA1: ea04d8d13b0b2ab75607767ff283a1b67f773aea
  • SHA256: 7fab4484ff1eba1d0ee9048c96a4daf0f8441c230bd6cf2f569c4bf775e8ccfe
  • SHA512: 71adca49498725396a2756d4660e135a949ee986357251a9df9cdd92256bc1d0a51dcc1e65ef0935952690ea3c4e025dc31244297c764561d30975aefc037969
  • SSDEEP: 12288:YSTgeyhP7VWYgnTQbpqrEgi5gl6iEC/MHmg789IW1dXg:nMhUVnkbpqrEgi53C/MHmg789IW1dXg

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target: JaffaCakes118_c368da96b56b5584411d55c00c55a4b0
    • Size: 1.0MB
    • MD5: c368da96b56b5584411d55c00c55a4b0
    • SHA1: ea04d8d13b0b2ab75607767ff283a1b67f773aea
    • SHA256: 7fab4484ff1eba1d0ee9048c96a4daf0f8441c230bd6cf2f569c4bf775e8ccfe
    • SHA512: 71adca49498725396a2756d4660e135a949ee986357251a9df9cdd92256bc1d0a51dcc1e65ef0935952690ea3c4e025dc31244297c764561d30975aefc037969
    • SSDEEP: 12288:YSTgeyhP7VWYgnTQbpqrEgi5gl6iEC/MHmg789IW1dXg:nMhUVnkbpqrEgi53C/MHmg789IW1dXg

    Signatures:

    • Snake Keylogger: keylogger and infostealer first seen in November 2020.
    • Snake Keylogger payload
    • Snakekeylogger family
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Executes dropped EXE
    • Uses the VBS compiler for execution
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks