
General

  • Target: b18193c10c0724374da0e246343988465451d6db884623f758a1c1a29a446579.zip
  • Size: 525KB
  • Sample: 250327-cvc8sawvdz
  • MD5: f7c93f4b6464105338e49ce425cb789f
  • SHA1: 4bc112888950c364c9277664281fe1037f1f3b34
  • SHA256: b18193c10c0724374da0e246343988465451d6db884623f758a1c1a29a446579
  • SHA512: d08225d1588d3e97c511be66662ad2f55d57128af15f7353580f89863ca40c6bf2c9f21ea974cdaf68d44a393e6f7c173534f81198314fefcc83112991405f53
  • SSDEEP: 12288:oMjc25VyUaUFd/IHHHNumIljvIColYHwggNdO0MDhA2tsPbfk0vLrcmg:Vjc25VyUZFpIHNuJljvIHYtw9MtA2tsk

Malware Config

Extracted

  • Family: snakekeylogger

Credentials (exfiltration account extracted from the sample's configuration)

  • Protocol: smtp
  • Host: mail.privateemail.com
  • Port: 587
  • Username: [email protected]
  • Password: winners44

Targets

  • Target: 8c27edb9a77712a4e13e8133f233ba34d7182e7823d0408fd12da11c91f94178.exe
  • Size: 644KB
  • MD5: f125be2430fa6fa2160adfcf0f148af3
  • SHA1: 16d12e95770066d022f7c137053af7a47c53a153
  • SHA256: 8c27edb9a77712a4e13e8133f233ba34d7182e7823d0408fd12da11c91f94178
  • SHA512: f8cafa66842a3aa5948447de9c061f48282d3e2a7c14b9f476dde16170b177b3e17997d1fc4c2671e73bbd3d29461a64c5cd11c1bd2bc27f91b6e15cdea140b3
  • SSDEEP: 12288:9dD0MqyNQJc5zS+CzHRSHUMGLKp4Q7bqMavwuFzK4BsWk7Ahc:9dDcjJO+xL4vIQ7b/7gK4mWkN

Signatures

  • Snake Keylogger: keylogger and infostealer first seen in November 2020.
  • Snakekeylogger family
  • Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
  • Accesses Microsoft Outlook profiles
  • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
  • Suspicious use of SetThreadContext
