Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Withdrawal Authorization Letter.exe
-
Size
882KB
-
Sample
221019-gw3x2sehc2
-
MD5
ab51fcab2443142fb70bb50872407815
-
SHA1
c50331ac38b78963d45230c57927c18be34638e9
-
SHA256
1f9a0cce25f1860e53b471745a001b8d868ce4d96c3d5365c6c3d39c8b7ceb04
-
SHA512
2d7f8c53add06e86528d12899565ee0c848f20903c9092b2bff1e3a4c842343fd82c66801d43e90bf0e111b9465bd59bffe5f8619daf989631954f92b3c64756
-
SSDEEP
12288:i6WTGfEuEKW/CyXfwA/7k35yVHLnVheEEcIc/aZLBNcKii/ARh:eZKwCkfL/AGqHlciugg
Static task
static1
Behavioral task
behavioral1
Sample
Withdrawal Authorization Letter.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Withdrawal Authorization Letter.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
qlRYaFn8 - Email To:
[email protected]
Targets
-
-
Target
Withdrawal Authorization Letter.exe
-
Size
882KB
-
MD5
ab51fcab2443142fb70bb50872407815
-
SHA1
c50331ac38b78963d45230c57927c18be34638e9
-
SHA256
1f9a0cce25f1860e53b471745a001b8d868ce4d96c3d5365c6c3d39c8b7ceb04
-
SHA512
2d7f8c53add06e86528d12899565ee0c848f20903c9092b2bff1e3a4c842343fd82c66801d43e90bf0e111b9465bd59bffe5f8619daf989631954f92b3c64756
-
SSDEEP
12288:i6WTGfEuEKW/CyXfwA/7k35yVHLnVheEEcIc/aZLBNcKii/ARh:eZKwCkfL/AGqHlciugg
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-