General
Target: in.exe
Size: 300KB
Sample: 230215-qxd5rabh75
MD5: 3c8d3d6f0286b15b3dd0ad59a150b3ef
SHA1: 4b655dfc7033727b6aaf72a84592c9d615002708
SHA256: dec5bbf9420596e7e4b387c6331b6009817af7803e20f717ffb55dc313e60645
SHA512: a1846ddad31b8654d4174958e8246215fd301efe2b0d1b79bd376445315fd40e0fd109b12babd00d0ef97947ae7b66ed5971be7d5b0723559d9e9c4c6cb59d11
SSDEEP: 6144:YYa6+Dmz7Luk+9PG0DB4wM/gNA1QUOwMzkZIk/D7Hr0oVytG:YYYW76k6PzF4w3GJ7BFHTy8
Static task: static1
Behavioral task: behavioral1
Sample: in.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: in.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5409930542:AAFxwqGbFuHLkEcoI_Wd5LmyaZ64bak9as0/sendMessage?chat_id=5492983899
Targets
Target: in.exe
Score: 10/10
Snake Keylogger payload
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext