General
Target: snake keylogger.zip
Size: 509KB
Sample: 221017-qd8j9acafp
MD5: 12400caec5de2bdc39d90ed3aa333f36
SHA1: 33bb9d1ba647c542fe89940d2acfd059ca18bfc8
SHA256: 3bc8db6d86cd166bd99ccbda398625cfbf1015529b7432c22db08a9030dfa87e
SHA512: fc59125f1e2fbff24e2f469079239cf8d7890c71573c3a3598ae992ef7aab387612fda3032f39da0758b0812945935a726fcc0f59fb8a6f9f4161383c8fd19cf
SSDEEP: 12288:k3z3kqjMl5/6I+pl82NVNBsFjIIkrkzPXWLB8be:k3z3kmkI52jgwe98C
Static task: static1
Behavioral task: behavioral1
Sample: b494899f8b5837b0fd6c11cf251967fecd3a77c73bf19b688813d6da1d04ec5e.exe
Resource: win10-20220812-ja
Behavioral task: behavioral2
Sample: b494899f8b5837b0fd6c11cf251967fecd3a77c73bf19b688813d6da1d04ec5e.exe
Resource: win10v2004-20220812-ja
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5336386315:AAFr4275liluBmKq3DdynSzdvBY-y98fXrU/sendMessage?chat_id=1736922894
Targets
Target: b494899f8b5837b0fd6c11cf251967fecd3a77c73bf19b688813d6da1d04ec5e.exe
Size: 798KB
MD5: d6e177e8a6efdbb56fc0c4bbc8d38bc1
SHA1: 2e74ee7b4684c4b2792fc544a46b406342282490
SHA256: b494899f8b5837b0fd6c11cf251967fecd3a77c73bf19b688813d6da1d04ec5e
SHA512: 1e20b6e80ab27d7781600611a397dd24bcf5392928c23466a4404186e15c2aa3ef2e8f179b8858f35dea41e0f5c3ddead49245b4a6f78c2067421643b4fca4b7
SSDEEP: 12288:/wRfEuYbi5DyeIwAgw8PWb3DkY4pR/SxazhMo8TpCRGr8rCqDmut:lmF5w8PWbgjhMoqpi1
Score: 10/10

Snake Keylogger payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext