General
- Target: INQUIRY - TENDER RFx-2172200126 .exe
- Size: 4.8MB
- Sample: 230203-x1hqnsde71
- MD5: 496c2794aefc720bc71fd57c5ddc13a7
- SHA1: 324d529b527c343695ffd4ce94abde0dd29252c3
- SHA256: 47a98390d2ac2a88d7853877e3c2f1d3253f90a0bb0f61b37570294e00a1107f
- SHA512: 188580c71d8885e257346bd2f6ac8f55aa9fc80c498cd0b5de1252ce36f3e4bf4c6f8f46f4b87a3ecec1c69ae4d54b2a5c8b7020b87eb92875c889719ae453d1
- SSDEEP: 24576:50Mwg7OQcjsDvuvkxDaQ9vSmR7d7lacOJuJ6Exgd5Hf2icQaux8:
Static task
- static1
Behavioral task
- behavioral1: sample INQUIRY - TENDER RFx-2172200126 .exe, resource win7-20220812-en
Behavioral task
- behavioral2: sample INQUIRY - TENDER RFx-2172200126 .exe, resource win10v2004-20221111-en
Malware Config
Extracted
- Family: snakekeylogger
- Protocol: ftp
- Host: ftp://ftp.cleaningagent.xyz/
- Port: 21
- Username: [email protected] (an e-mail address; this copy of the page shows only the address-obfuscation placeholder, so the literal value is not recoverable here)
- Password: 9L4dBJBZ,kIQ
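The extracted configuration above, turned into usable indicators, as an added example that is not part of the Triage report: it parses the flattened "Key: value - Key: value" text exactly as the page shows it (wrapped lines and the fused "ftp- Host" included), normalises the FTP URL to a hostname, and runs the result over a few egress log lines. Only the configuration values come from the report; the log lines and their key=value layout are constructed for the example.

```python
"""Added example (not part of the Triage report): parse the extracted Snake
Keylogger config as shown on the page and match it against egress logs.

Configuration values are copied from the report; the log lines are
constructed for this example.
"""
import re
from urllib.parse import urlparse

# Copied from the report, line breaks included. The username shows the
# page's address-obfuscation placeholder, so it is not a usable indicator.
RAW_CONFIG = (
    "Protocol: ftp- Host:\n"
    "ftp://ftp.cleaningagent.xyz/ - Port:\n"
    "21 - Username:\n"
    "[email protected] - Password:\n"
    "9L4dBJBZ,kIQ"
)

# 'Key: value' fields joined by ' - '. A value may itself contain '-' (hosts,
# passwords), so the split is on the ' - Key:' boundary, not on every dash.
# A password containing ' - word:' would still be cut; the values on this
# page do not.
FIELD_RE = re.compile(r"(\w+):\s*(.*?)(?=\s*-\s*\w+:|$)")


def parse_triage_config(text: str) -> dict:
    """Fold the wrapped lines and return {key: value} with lower-case keys."""
    flat = " ".join(text.split())
    return {key.lower(): value.strip() for key, value in FIELD_RE.findall(flat)}


def to_iocs(cfg: dict) -> dict:
    """Normalise the parsed fields into matchable indicators."""
    parsed = urlparse(cfg["host"])
    host = (parsed.hostname or cfg["host"]).lower().rstrip(".")
    return {
        "family": "snakekeylogger",
        "protocol": cfg["protocol"].lower(),
        "host": host,
        "port": int(cfg["port"]),
    }


# Constructed egress records in a key=value layout (an assumption for the
# example, not sandbox output).
SAMPLE_LOGS = [
    "ts=2023-02-03T11:02:15Z src=10.0.0.15 dst_host=www.example.com dport=443",
    "ts=2023-02-03T11:02:31Z src=10.0.0.15 dst_host=FTP.cleaningagent.xyz. dport=21",
    "ts=2023-02-03T11:04:02Z src=10.0.0.22 dst_host=ftp.partner.example dport=21",
    "ts=2023-02-03T11:05:10Z src=10.0.0.15 dst_host=ftp.cleaningagent.xyz dport=443",
]


def match_logs(iocs: dict, lines) -> list:
    """Return (verdict, line) for lines that hit the indicators.

    'c2' for any connection to the configured exfil host, whatever the port;
    'ftp-egress' for other plaintext FTP, a weaker signal kept because FTP is
    this family's exfiltration channel.
    """
    hits = []
    for line in lines:
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        host = fields.get("dst_host", "").lower().rstrip(".")
        port = int(fields.get("dport", "0"))
        if host == iocs["host"]:
            hits.append(("c2", line))
        elif port == 21:
            hits.append(("ftp-egress", line))
    return hits


if __name__ == "__main__":
    cfg = parse_triage_config(RAW_CONFIG)
    iocs = to_iocs(cfg)
    print("parsed:", cfg)
    print("iocs:  ", iocs)
    for verdict, line in match_logs(iocs, SAMPLE_LOGS):
        print(f"{verdict:10} {line}")
```

Match on the host rather than the credentials: the username on this copy of the page is masked, and a password is not a network indicator. The weaker ftp-egress verdict is deliberate; because this family exfiltrates over plaintext FTP, any FTP from a workstation is worth a second look while the sample is being worked.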
Targets
- Target: INQUIRY - TENDER RFx-2172200126 .exe
- Detect PureCrypter injector
- PureCrypter: a .NET malware loader first seen in early 2021.
- Snake Keylogger payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext: on a suspended thread this is the call that process-hollowing injectors typically use to redirect execution into code written into the target process.
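For the "Adds Run key to start application" behaviour, an added triage script that is not part of the Triage report: it reads the HKCU and HKLM Run/RunOnce values on Windows (via winreg) and scores each one with a few heuristics that separate loader-style persistence from the usual vendor entries. The scoring rules are this example's own, not Triage's signature logic, and the SAMPLE_ENTRIES used off Windows are constructed, not values observed for this sample.

```python
"""Added example (not part of the Triage report): triage Run/RunOnce autostart
values of the kind the 'Adds Run key to start application' signature reports.
On Windows the entries come from winreg; elsewhere the constructed
SAMPLE_ENTRIES are used. The heuristics are this example's own.
"""
import sys

RUN_KEYS = [
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
]
# Path fragments (lower-case, backslash-normalised) a standard user can write
# to; a loader that persists without elevation drops its payload here.
USER_WRITABLE = ("\\appdata\\", "%appdata%", "%localappdata%", "\\temp\\", "%temp%",
                 "%tmp%", "\\programdata\\", "%programdata%", "\\users\\public\\", "%public%")
# Hosts that run something other than the listed binary; the interesting
# path is then in the arguments.
PROXY_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
               "rundll32.exe", "regsvr32.exe", "cmd.exe"}


def split_command(value: str):
    """Return (executable, arguments) from a Run value, quoted or not."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        if end == -1:
            return value[1:], ""
        return value[1:end], value[end + 1:].strip()
    parts = value.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def _norm(path: str) -> str:
    return path.replace("/", "\\").lower()


def assess(name: str, value: str) -> dict:
    """Score one autostart value; reasons is empty for an unremarkable entry."""
    exe, args = split_command(value)
    exe_n, args_n = _norm(exe), _norm(args)
    base = exe_n.rsplit("\\", 1)[-1]
    reasons = []
    if any(m in exe_n for m in USER_WRITABLE):
        reasons.append("executable lives in a user-writable directory")
    if base in PROXY_HOSTS:
        reasons.append(f"launched through {base}")
        if any(m in args_n for m in USER_WRITABLE):
            reasons.append("argument points into a user-writable directory")
    else:
        if not exe_n.endswith(".exe"):
            reasons.append("target is not an .exe")
        if "\\" not in exe_n:
            reasons.append("bare executable name resolved through PATH")
    return {"name": name, "value": value, "exe": exe,
            "suspicious": bool(reasons), "reasons": reasons}


def triage(entries) -> list:
    """Assess a sequence of (value name, value data) pairs."""
    return [assess(name, data) for name, data in entries]


def read_run_keys():
    """Yield (value name, value data) from the Run keys; Windows only."""
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    for hive, path in RUN_KEYS:
        try:
            key = winreg.OpenKey(hives[hive], path)
        except OSError:
            continue  # key absent (RunOnce often is)
        with key:
            index = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, index)
                except OSError:
                    break  # no more values
                yield f"{hive}\\{path}\\{name}", str(data)
                index += 1


# Constructed entries (an assumption for the example, not this sample's).
SAMPLE_ENTRIES = [
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
    ("Updater", r'"C:\Users\alice\AppData\Roaming\Updater\svchost.exe"'),
    ("Sync", r"wscript.exe //B C:\Users\Public\sync.vbs"),
    ("ctfmon", r"C:\Windows\System32\ctfmon.exe"),
]

if __name__ == "__main__":
    entries = list(read_run_keys()) if sys.platform == "win32" else SAMPLE_ENTRIES
    for result in triage(entries):
        flag = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(flag.ljust(11), result["name"], result["value"])
        for reason in result["reasons"]:
            print("            -", reason)
```

Treat the output as a worklist, not a verdict: the OneDrive entry is flagged because it legitimately lives under AppData, which is the canonical false positive for this rule, so follow up with signer and hash checks. On 64-bit Windows a 32-bit Python sees the WOW6432Node view of HKLM; pass access=winreg.KEY_READ | winreg.KEY_WOW64_64KEY to winreg.OpenKey to read the native view. The Run keys are only the location this signature names; Startup folders and scheduled tasks need their own pass.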