General
Target: 849614b51d921924596ea7120a79a8cdc4c49165e804ef136b35694a4a6cde01
Size: 548KB
Sample: 221220-cescrsbf4w
MD5: b41c5591e9e8aad37173b240c2bce220
SHA1: 718495f9250a42f957f76ddf7990f8ec9438da60
SHA256: 849614b51d921924596ea7120a79a8cdc4c49165e804ef136b35694a4a6cde01
SHA512: 04b06855530be5e56b4a441e82e830eced9448bd4baed8cba9240a0c2084c6ad40cfdc8128ff8a55933fe6098c9350e22f78e7ae77eb6112ef58dbe7b9729acb
SSDEEP: 12288:6BMPrvQL6+6ZmIGn7xI9fmnaqgK9kc3CyRxDrATCowYI2t2Z:NenafMa09YGP5c
Static task: static1
Behavioral task: behavioral1
Sample: 849614b51d921924596ea7120a79a8cdc4c49165e804ef136b35694a4a6cde01.exe
Resource: win10-20220812-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: [email protected]
Password: 7213575aceACE@#$
Email To: [email protected]
Targets
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext