Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Product List.exe
-
Size
211KB
-
Sample
220926-hfr2aabaaj
-
MD5
16b097f9953854b7f1c0c046ec34d366
-
SHA1
1cd3ff8497afb31a9ba5280ef0d8d939689ea597
-
SHA256
6657fc401ddcb3ffdbe0d45b7850f9a2bccef46d42469b825cd890557a351693
-
SHA512
43f6313cd2831b9885c7eb851b1ed97743904e7e2d444acacddfb69388beb1743a2f931a115524270d953d5255bc0558bdf5ca22308e3d714205482c3f6f8230
-
SSDEEP
1536:FOW5VXt2AfixzZ/widSImSU969OSuzrX:FOAQw09qX
Static task
static1
Behavioral task
behavioral1
Sample
Product List.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
Product List.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.stilltech.ro - Port:
587 - Username:
[email protected] - Password:
eurobit555ro - Email To:
[email protected]
Targets
-
-
Target
Product List.exe
-
Size
211KB
-
MD5
16b097f9953854b7f1c0c046ec34d366
-
SHA1
1cd3ff8497afb31a9ba5280ef0d8d939689ea597
-
SHA256
6657fc401ddcb3ffdbe0d45b7850f9a2bccef46d42469b825cd890557a351693
-
SHA512
43f6313cd2831b9885c7eb851b1ed97743904e7e2d444acacddfb69388beb1743a2f931a115524270d953d5255bc0558bdf5ca22308e3d714205482c3f6f8230
-
SSDEEP
1536:FOW5VXt2AfixzZ/widSImSU969OSuzrX:FOAQw09qX
-
Modifies WinLogon for persistence
-
Snake Keylogger payload
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-