Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Payment Advice.exe
-
Size
867KB
-
Sample
230215-qv874sbf7y
-
MD5
7385b9a6b159a04d4a4d29c469abca7d
-
SHA1
ab591b6d039f81648057ceffde88a1a07eaab82e
-
SHA256
3b33ec65f67fa0d16d24cecc78ed7fb7922ca1b952648846cc87c4b5b7682eaf
-
SHA512
b1ab958da83a2d3862661126c106e4430ecc42c4e932d7e7a22a83730b016ce50f1109ff379ec41e69cafac9fc9a7649b3759cd4e7f0f639d146e0862a5d4f2f
-
SSDEEP
24576:jpD8iV2K1ntJQSY12+Vu2KcIl7OD3stPHM:d8UThtZC/w2JKyD8Z
Static task
static1
Behavioral task
behavioral1
Sample
Payment Advice.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
Payment Advice.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6262247910:AAE4jpGXApuGyNo9i5Gac5UwUxrCbw4HXyY/sendMessage?chat_id=5962295104
Targets
-
-
Target
Payment Advice.exe
-
Size
867KB
-
MD5
7385b9a6b159a04d4a4d29c469abca7d
-
SHA1
ab591b6d039f81648057ceffde88a1a07eaab82e
-
SHA256
3b33ec65f67fa0d16d24cecc78ed7fb7922ca1b952648846cc87c4b5b7682eaf
-
SHA512
b1ab958da83a2d3862661126c106e4430ecc42c4e932d7e7a22a83730b016ce50f1109ff379ec41e69cafac9fc9a7649b3759cd4e7f0f639d146e0862a5d4f2f
-
SSDEEP
24576:jpD8iV2K1ntJQSY12+Vu2KcIl7OD3stPHM:d8UThtZC/w2JKyD8Z
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-