Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
tmp
-
Size
1.1MB
-
Sample
221104-1zhk3abec8
-
MD5
178ff2e386dee063633a246556caf621
-
SHA1
b6f7afc2f136c5a56a698814d5d500b6bdddf7b0
-
SHA256
1e4d15ccd3ee787324ccd48246f980a8e37495b82e962a27e9d634b14e6660bc
-
SHA512
8fbcf503ed94062ca294df0b16a401d3649b8f7d912a02c2e70d349e451ebfd69216b63257a2d76d0ffb2dba45021101f85580834314d7d0998c89e8513d46b0
-
SSDEEP
24576:XW8DET+VwfHGXG31BX8+BvFr8TAqbDORBY:BbVwfpFBX8+BvFoDaY
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
LYSV$*b4 - Email To:
[email protected]
Targets
-
-
Target
tmp
-
Size
1.1MB
-
MD5
178ff2e386dee063633a246556caf621
-
SHA1
b6f7afc2f136c5a56a698814d5d500b6bdddf7b0
-
SHA256
1e4d15ccd3ee787324ccd48246f980a8e37495b82e962a27e9d634b14e6660bc
-
SHA512
8fbcf503ed94062ca294df0b16a401d3649b8f7d912a02c2e70d349e451ebfd69216b63257a2d76d0ffb2dba45021101f85580834314d7d0998c89e8513d46b0
-
SSDEEP
24576:XW8DET+VwfHGXG31BX8+BvFr8TAqbDORBY:BbVwfpFBX8+BvFoDaY
Score10/10-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-