General
-
Target
PO_N° 303550900.rar
-
Size
490KB
-
Sample
221017-ycsfmsdafr
-
MD5
7a73cfe5e13d80507f7a32ca3013bcec
-
SHA1
10ae13f465b51d4887297d5d72ed2793449b57f0
-
SHA256
310695600166e82a8276c76352e340cc4ced96335a81acb4c530e60e07d291ca
-
SHA512
f7637ba220149270c9cc69f1fd2fb8e3fb24a21ec3066116148ecd3badbbf161eb928c0e88b5b67bc72d209a061054cb95630df86e48802b4797be7de95b52fb
-
SSDEEP
12288:VBH1dwiy1b2UE8F7czcD1MF52v3VB9GNsodMu4O0E5:FdCcc3xG+Pufv5
Static task
static1
Behavioral task
behavioral1
Sample
PO_N° 303550900.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
PO_N° 303550900.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.stilltech.ro
Port: 587
Username: [email protected]
Password: eurobit555ro
Email To: [email protected]
Targets
-
-
Target
PO_N° 303550900.exe
-
Size
766KB
-
MD5
3690f258325839e1e2321d5bc1f42716
-
SHA1
8bb78bf22b8cafc4adcad44bd3b53f89a71d4f9b
-
SHA256
a0b3665ecea80f1d40c7c39d97f2d79bcfad60361b0a9f429f872b8d4aa9065a
-
SHA512
cbd0901abda0dfa884417acfc7645a99bd97b8663294710a1349e754e12b01f839ee043f7bf35346278e7557a2009994f4e2ac6341884468f8ec226480be8f70
-
SSDEEP
12288:rEs/R4RB2cu+KJ0ewZNOFuXFhnGrAMyGFkWnkp05m9Fs2:CRuFFuXFUriekWnQ05I
Score
10/10
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-