General

  • Target

    7E57917D3347FC59A1E534D36F409915D5DDA8D8DD6F6F0938D963626C32E131

  • Size

    921KB

  • Sample

    230208-v2swxsde74

  • MD5

    e6c09f8a697eb4dc426a64075a9c7e07

  • SHA1

    a00c217d954c1c02e1988b3275eef8c964827845

  • SHA256

    7e57917d3347fc59a1e534d36f409915d5dda8d8dd6f6f0938d963626c32e131

  • SHA512

    73ddacdef04dc5e1a564ef277dc380d87b9a68c9597b67163d207a6e2848e0d18b56f6e46c094829b78ec644098e6f6f06dc571fb09d7a8e0af6422272e543c3

  • SSDEEP

    12288:6/LofQ97V7gh/00BeGJwvioJi9u2XyDRRS8fcH/mXtoS/n5Ji+DFj0YKAv:+tb7gh/00BWdcNy1RSwcEtoSPi+3z

Malware Config

Extracted

Family

snakekeylogger

Credentials

C2

https://api.telegram.org/bot5814180506:AAFpVfxl9CBszzsUeg8FTylBwiTKUc4g3lA/sendMessage?chat_id=5056270248

Targets

    • Target

      RFQ-43842 Teklif Gerekiyor.exe

    • Size

      919KB

    • MD5

      7c09e5b5f70f2a1b753794d6fa0df965

    • SHA1

      8626cd57ebc7821a992d583570ab785c51cf51dc

    • SHA256

      916677af442bb08e425f3e31f614e2afca12ca7d2ab51976b409bd97013b0714

    • SHA512

      6ab54e42b1336dfe04084cf56af716d722b4941af5056b82c74d795810cdb663946fead6f2e71922d575797bd80fdd987318f1f2f9396c5d29f92c373a6e6caf

    • SSDEEP

      12288:Q/LofQ97V7gh/00BeGJwvioJi9u2XyDRRS8fcH/mXtoS/n5Ji+DFj0YKAv:gtb7gh/00BWdcNy1RSwcEtoSPi+3z

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks