Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
771fb47f72480a0a1e93dab12165e657.exe
-
Size
836KB
-
Sample
221019-ggvywsfddr
-
MD5
771fb47f72480a0a1e93dab12165e657
-
SHA1
aee13ab0f1703ec1a340c8187eb0e528f5c09ac7
-
SHA256
020023df02a173b4f891fa2f6c2f7a5d4145faf4c5c94eadbc346d5bbb593568
-
SHA512
fbba7ea422a6fd0ec2c369e9946bef136aee77e18d630084101ce22e861449a6bacedcc177b99c4c84326a8e20f2c53df59cd0d6c47735a73b10d5823275db01
-
SSDEEP
12288:B7Kr7YP0da95eFAKBuoZmPIF43v+4Z0lR/y7Poco:cYMdaiqGmPIFW3Z0lR/Oo
Static task
static1
Behavioral task
behavioral1
Sample
771fb47f72480a0a1e93dab12165e657.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
771fb47f72480a0a1e93dab12165e657.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
dubaioilandgas.xyz - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@#$ - Email To:
[email protected]
https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662
Targets
-
-
Target
771fb47f72480a0a1e93dab12165e657.exe
-
Size
836KB
-
MD5
771fb47f72480a0a1e93dab12165e657
-
SHA1
aee13ab0f1703ec1a340c8187eb0e528f5c09ac7
-
SHA256
020023df02a173b4f891fa2f6c2f7a5d4145faf4c5c94eadbc346d5bbb593568
-
SHA512
fbba7ea422a6fd0ec2c369e9946bef136aee77e18d630084101ce22e861449a6bacedcc177b99c4c84326a8e20f2c53df59cd0d6c47735a73b10d5823275db01
-
SSDEEP
12288:B7Kr7YP0da95eFAKBuoZmPIF43v+4Z0lR/y7Poco:cYMdaiqGmPIFW3Z0lR/Oo
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-