Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
KvlzN7SaEJQgetq.exe
-
Size
840KB
-
Sample
221206-s535ysbc47
-
MD5
bfd1be3c1b51983177c7ec0769816da1
-
SHA1
10d8ccd2ab82a7c98494b25667b66628fc4487d2
-
SHA256
a877d4ad09c9afc5bb5880913fd98fcf6989f390685bbd50b7f6acca864d0f44
-
SHA512
b91ddbbc428d2ee9e9607b5b5d7f8303dc4dbaa6f086da3df76bc85a8ef34f534423fa6e95aa70fbc6e5c023c84a4388e28f8123e6a71e3a99260b663304b15a
-
SSDEEP
12288:pyvlqU+EegGqZN+2eM2gvX88uT3zVgVn7r95f0bRHwAxxGBH5Ddzoa1cfN:IvdeRqbPeS/83zCV7hN0FxABH5DdEPf
Static task
static1
Behavioral task
behavioral1
Sample
KvlzN7SaEJQgetq.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
KvlzN7SaEJQgetq.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5527276937:AAFXPayV6BQ7JPPGsD5rUkKZ4cn3m-d_W-0/sendMessage?chat_id=5582419717
Targets
-
-
Target
KvlzN7SaEJQgetq.exe
-
Size
840KB
-
MD5
bfd1be3c1b51983177c7ec0769816da1
-
SHA1
10d8ccd2ab82a7c98494b25667b66628fc4487d2
-
SHA256
a877d4ad09c9afc5bb5880913fd98fcf6989f390685bbd50b7f6acca864d0f44
-
SHA512
b91ddbbc428d2ee9e9607b5b5d7f8303dc4dbaa6f086da3df76bc85a8ef34f534423fa6e95aa70fbc6e5c023c84a4388e28f8123e6a71e3a99260b663304b15a
-
SSDEEP
12288:pyvlqU+EegGqZN+2eM2gvX88uT3zVgVn7r95f0bRHwAxxGBH5Ddzoa1cfN:IvdeRqbPeS/83zCV7hN0FxABH5DdEPf
Score10/10-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-