General

  • Target: 18012025_0130_17012025_MV ANNA SCHULTE.zip
  • Size: 300KB
  • Sample: 250118-bw1vssypdx
  • MD5: 2be7a202172a6d7c36d2358d06b081e4
  • SHA1: d9ac82890c8a8af56cf87b518edd5e2e507ec320
  • SHA256: 4ad6dffce24c1fb1cfcb905454a685048417188cf2b9abdbebe0f5c56d8594af
  • SHA512: d1f90ff36ffba3c20b98b00845d0b6ce481ce4eca86aef1fd093bb0c22b0e67605e0ecd889fa4d826c30ce3b739e9de78e71259451c8dc6f833c5a49c2e5d65e
  • SSDEEP: 6144:fwoWZlwBGjgGzLMMLp66KI5DLTtgwe9O487ZvgYsE:fwLZuGjhzLQ6KATtbe9OVvZz

Malware Config

Extracted

Family: snakekeylogger

Credentials

Targets

    • Target: MV ANNA SCHULTE.exe
    • Size: 577KB
    • MD5: b9db6e64aefb803d0cfadba814ead25b
    • SHA1: e96d221c5117d1c41320acce0070abd7d12ebb54
    • SHA256: 08bd6da35f2dd636fed920f5b2fc4a66370e07f4ce83159fe2c47d20933087d9
    • SHA512: e90176f7936103f7f9116de81824de760168aa21e91aacf6ad2527c8047d946c277d2eb492699de1e0b0a49d28719e987f78b89db360ff088b60bf9c98ecab3d
    • SSDEEP: 12288:ZbRKjP7newedqROaZhn3PJH54prTtmPhxo3////rK///I/////+z5tLfSXPgX:DKjP7ewedbKh3BHWK6////G///I////e

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks