General
- Target: abc.rar
- Size: 8KB
- Sample: 230206-ln8wjsge6t
- MD5: 1b339e457b7ca302836a2def8a6ced97
- SHA1: 9bd0900582445b950c3bb43cdcd30023cbfbc1f1
- SHA256: 536ef2de17913ef296a7c856530b09fcfa8d06821e4367528a67c192e6faa934
- SHA512: 71e198c25a5f02543c4fe5c801a6358ed618b31edbf908b8da92d0a5881a374b2b57d7f077b814091b526994b3ceea75d2ecb9e620b69e861a63bee76ad10a3e
- SSDEEP: 192:84HQ0cGcXS/4V7kr0IavOfpIHidcFXYQBKOiYH/cod:8EQXi/4V7qF2CcY6Hcq
Static task: static1
Behavioral task: behavioral1
- Sample: Tvccjkahqr.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: Tvccjkahqr.exe
- Resource: win10v2004-20220812-en
Malware Config
- Extracted: snakekeylogger
- https://api.telegram.org/bot6153811580:AAFDLNZoT-HelPNUs1JOyE22nWD-iLH7QKY/sendMessage?chat_id=5582419717
Targets
- Target: Tvccjkahqr.exe
- Size: 17KB
- MD5: 0e83d9def9f0d8b855725f0e0136201c
- SHA1: 2846547d5f34abc3084192dbc6976484fae3c0a6
- SHA256: cf635b3f6775fdf343dee0e703f1ebc24a740d4b1c76ad11e4118bcc1e636882
- SHA512: cf274517ae75612af9bbcf08c69ecb98248098664559718f4bd76acd7d55945126d7b30a814c91ba239a88edc23fae34594ef479c9cc68361ca132a3f9aa98e6
- SSDEEP: 384:MFqF+L4TURdJJsjYa4uz+0mYKC9fn9/Awh:0RdJJsjiM+dCJ9oS
- Snake Keylogger payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext