Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2nd Invoice.xlsx
-
Size
137KB
-
Sample
221026-l58bcafdbr
-
MD5
85f545db1c213dcf29928d6d8073a2ae
-
SHA1
768d7f8e20f514c987b8e560c953b699c0ea14f6
-
SHA256
c4371db5235bb4ec11938ec939028d39514219df1452cc7fbb5d004f57a103a1
-
SHA512
ebc24074041b42ba85475b3edfe6b42965ef01fcd554fe7ac357767696f859f6a1e9483e7f9fefacd35e5d7e8e021e759dfc19aa4be4b131d9dcac01e421460d
-
SSDEEP
3072:sqfbzI3VkS+wIqjRn+j/SQe1o+BCMAwGFUOgzD4:ZTzYVkOTRnCLe1o4CfGz8
Static task
static1
Behavioral task
behavioral1
Sample
2nd Invoice.xlsx
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
2nd Invoice.xlsx
Resource
win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
cp5ua.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@#$ - Email To:
[email protected]
https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662
Targets
-
-
Target
2nd Invoice.xlsx
-
Size
137KB
-
MD5
85f545db1c213dcf29928d6d8073a2ae
-
SHA1
768d7f8e20f514c987b8e560c953b699c0ea14f6
-
SHA256
c4371db5235bb4ec11938ec939028d39514219df1452cc7fbb5d004f57a103a1
-
SHA512
ebc24074041b42ba85475b3edfe6b42965ef01fcd554fe7ac357767696f859f6a1e9483e7f9fefacd35e5d7e8e021e759dfc19aa4be4b131d9dcac01e421460d
-
SSDEEP
3072:sqfbzI3VkS+wIqjRn+j/SQe1o+BCMAwGFUOgzD4:ZTzYVkOTRnCLe1o4CfGz8
Score10/10-
Snake Keylogger payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-