General
- Target: Transferencia_Datos bancarios.vbs
- Size: 433KB
- Sample: 220913-e6t2saadfn
- MD5: e5c789225ef05bb4cf08ba2256550e7a
- SHA1: e539d74166c70a2111409b82a5d735007e1ceed3
- SHA256: 5d4c7f07cb9896d740a7c174f63426f112952c95f12c6ab3a95f2e097e962518
- SHA512: 56bf329a93529f760f9fe4cf821397580288865eb61fa914f26276f01463ea90d9db8775004c9cce30d3acdc5628b5eea0dedcb7c6ea2195d29deae32f5d72cd
- SSDEEP: 48:yGoGjDfRzToTcjZR+EVrIoUgOiAwH0AuBQ/toTqKr:loGPfV//+uIoUgy5xBr
Static task: static1
Behavioral task: behavioral1
  Sample: Transferencia_Datos bancarios.vbs
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: Transferencia_Datos bancarios.vbs
  Resource: win10v2004-20220812-en
Malware Config
Extracted
- http://20.7.14.99/bug/dll_nostartup.mp4
Extracted
- snakekeylogger
  Protocol: smtp
  Host: mail.keefort.com.ec
  Port: 587
  Username: [email protected]
  Password: icui4cu2@@
  Email To: [email protected]
Targets
- Target: Transferencia_Datos bancarios.vbs
- Size: 433KB
- MD5: e5c789225ef05bb4cf08ba2256550e7a
- SHA1: e539d74166c70a2111409b82a5d735007e1ceed3
- SHA256: 5d4c7f07cb9896d740a7c174f63426f112952c95f12c6ab3a95f2e097e962518
- SHA512: 56bf329a93529f760f9fe4cf821397580288865eb61fa914f26276f01463ea90d9db8775004c9cce30d3acdc5628b5eea0dedcb7c6ea2195d29deae32f5d72cd
- SSDEEP: 48:yGoGjDfRzToTcjZR+EVrIoUgOiAwH0AuBQ/toTqKr:loGPfV//+uIoUgy5xBr
Score: 10/10
- Snake Keylogger payload
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext