Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
tmp
-
Size
1.2MB
-
Sample
220924-cyvbgaadd2
-
MD5
f960f173e544cba85a215c9c4378f872
-
SHA1
56af4e7dca3b3885b2491dd846cc0fe244858799
-
SHA256
0e4053540da52df835cccda6e4694aee2cb241fc40665c715b7f890cf6b69296
-
SHA512
549546095b51318ab9cfcc7302106f9faf32d3ba26e4c78e263ab55460cee3eee97d9e456ddfd489f979f221388fa7c889a8f9115197ef38005c866abe65cb95
-
SSDEEP
24576:7hLuyy5eNo+Jm8DUQCNJZiWZJs8OhYShfAYoILsAs3mDDr9He:tLuyyeJT1wJJsJjf3Zsh2b
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
cp5ua.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@#$ - Email To:
[email protected]
https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662
Targets
-
-
Target
tmp
-
Size
1.2MB
-
MD5
f960f173e544cba85a215c9c4378f872
-
SHA1
56af4e7dca3b3885b2491dd846cc0fe244858799
-
SHA256
0e4053540da52df835cccda6e4694aee2cb241fc40665c715b7f890cf6b69296
-
SHA512
549546095b51318ab9cfcc7302106f9faf32d3ba26e4c78e263ab55460cee3eee97d9e456ddfd489f979f221388fa7c889a8f9115197ef38005c866abe65cb95
-
SSDEEP
24576:7hLuyy5eNo+Jm8DUQCNJZiWZJs8OhYShfAYoILsAs3mDDr9He:tLuyyeJT1wJJsJjf3Zsh2b
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-