Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
NEW_PO#2220000004.exe
-
Size
1.3MB
-
Sample
220927-jmjh6achc9
-
MD5
b1416169a5d9b7deb7e4a131c31c5dc2
-
SHA1
0c799fbff28138911aec438815601ab372ee4f28
-
SHA256
a4642bf9cbd641619645c6f4761ef8037b3844e948f588c8bd58e32eed70fb14
-
SHA512
d71822e649f3232732fb315d65dbfff4b96474f0e34eff4ed2a9c4dd5866164360b79b9afeee13cdac000e23f6d83045e874ebbdee5a85eb1405d03497a34813
-
SSDEEP
24576:+q8Go19UYpeaJFnrYyaXq/M1ZN916R3lN:+qsUCFnNa6QLnQ
Static task
static1
Behavioral task
behavioral1
Sample
NEW_PO#2220000004.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
NEW_PO#2220000004.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5310184099:AAGxqu0IL8tjOF6Eq6x2u0gfcHhvuxRwfLU/sendMessage?chat_id=5350445922
Targets
-
-
Target
NEW_PO#2220000004.exe
-
Size
1.3MB
-
MD5
b1416169a5d9b7deb7e4a131c31c5dc2
-
SHA1
0c799fbff28138911aec438815601ab372ee4f28
-
SHA256
a4642bf9cbd641619645c6f4761ef8037b3844e948f588c8bd58e32eed70fb14
-
SHA512
d71822e649f3232732fb315d65dbfff4b96474f0e34eff4ed2a9c4dd5866164360b79b9afeee13cdac000e23f6d83045e874ebbdee5a85eb1405d03497a34813
-
SSDEEP
24576:+q8Go19UYpeaJFnrYyaXq/M1ZN916R3lN:+qsUCFnNa6QLnQ
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-