General
Target: Statement of account.exe
Size: 302KB
Sample: 230207-vfpblsga2s
MD5: d92663659acec15e0167ee7500634e59
SHA1: 965657d95f52be3a91f7f784503ec287dace934c
SHA256: 77dab247203f103e2c7e5139d3d67cc41c2d375bdfb56b9fa902c53a4079a489
SHA512: a7aeb3dcdb1818b48c54668d98d29c1167d47e3a679141402c9ea83aa3bcb186e841cf046cee29bb7513a50b82852e616f6010985e53c25990a750ef3daa4a32
SSDEEP: 6144:Ie92FDutOc6duxKLo8TNLLepQZnNh/b6DTlT1CGRcuOiG5MFoCDCHA:sFDutOc6duxKLoeNWpQZnNh/b6PCGhDK
Static task: static1
Behavioral task: behavioral1
  Sample: Statement of account.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: Statement of account.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.wspcranes.com
Port: 995
Username: [email protected]
Password: Wel@1come
Email To: [email protected]
https://api.telegram.org/bot6192832133:AAF7C5Hu2cAny_oozlOAGw_7DWfvYVumEbE/sendMessage?chat_id=2021395706
Targets
Target: Statement of account.exe
- Snake Keylogger payload
- Disables Task Manager via registry modification
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext