
General

  • Target: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe
  • Size: 194KB
  • Sample: 250116-pbfk1szrbq
  • MD5: 2d080f1e0be3ec95d49f138a5e9c4d4f
  • SHA1: 22c49e1c1202336494504a101c1de5ac112d37e5
  • SHA256: c44d3e15034c029b6a3fb3571c9bfca998863ba209c5c354edce1bf0316a9e42
  • SHA512: 2c0edebcd8cdad34507ae953d9e0f985aaa4e0dfb25d7c07ca29794c896e0fbf726a69dfee1e4e6b96741c625a99227e83b4254df1352587ffa90c0ac60ada6b
  • SSDEEP: 6144:EMKbABCaM6LGR7leDRq5KxYJTQxhrzVMRq2:2bSCtTQeq2

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    smtps.aruba.it
  • Port:
    465
  • Username:
    hr@tecninf.it
  • Password:
    tecninf2017
  • Email To:
    mpalogz@yandex.com

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
