General
-
Target
183d1817d663aea372474a6439c688b7.exe
-
Size
799KB
-
Sample
220921-f91t6sfce2
-
MD5
183d1817d663aea372474a6439c688b7
-
SHA1
39a70f9ca530dcb2d580bcafac1ead0469cc3646
-
SHA256
c7458b9f208f81019043555a3ff23fb620ac9341fb463f9c11f9166c92f8580b
-
SHA512
eaf9e0cd295421717139245f6398acd45f972c92aa5957d0118d3828bcb2b89c16c5ab1bcdc7005439933b6dab7f3e5797afa759f31e8f6a19f9963824e255bb
-
SSDEEP
6144:4Ilfih0m+3no6/PNLf3tv6C5F2m9XD5656fgPeE85qKJPwZ6cFmJl0jon+eAUCfj:n7C8FDzczO5qKJsccKsOviml0MqzCv
Static task
static1
Behavioral task
behavioral1
Sample
183d1817d663aea372474a6439c688b7.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
183d1817d663aea372474a6439c688b7.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: dubaioilandgas.xyz
Port: 587
Username: [email protected]
Password: 7213575aceACE@#$
Email To: [email protected]
https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662
Targets
-
-
Target
183d1817d663aea372474a6439c688b7.exe
-
Score
10/10
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-