Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
DHL-AWB.exe
-
Size
940KB
-
Sample
230302-nmfjqacc8z
-
MD5
eb685b3c297e9bf66dbdf5ce339b0938
-
SHA1
e68ee19e34b4e050967630bff153eb27ad9bcab2
-
SHA256
4cfe382fc05866c2087a5d003050a40fb1a1789f8547bd13956e8823d8cf61f8
-
SHA512
5af08355a05edb7bd155cc8da39eb520f6041a27532cfb36b999b54a3363e29578f5b1b52d2c1b379c1a14d2c6694f00c7c02a205da02303e23d6cdb47a6f393
-
SSDEEP
12288:LMuRADz1KGRbItu/8mqKgE8MLj3Ymjk97DuHh/UFxvpj5+YI61UBXEuJ2c1LwnIj:gfftg3CEmA7DehEYY9c0uRwn
Static task
static1
Behavioral task
behavioral1
Sample
DHL-AWB.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
DHL-AWB.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5896148323:AAEWgsVYxyCkhTyIZPTwudSGllkEoROCUk8/sendMessage?chat_id=6163418482
Targets
-
-
Target
DHL-AWB.exe
-
Size
940KB
-
MD5
eb685b3c297e9bf66dbdf5ce339b0938
-
SHA1
e68ee19e34b4e050967630bff153eb27ad9bcab2
-
SHA256
4cfe382fc05866c2087a5d003050a40fb1a1789f8547bd13956e8823d8cf61f8
-
SHA512
5af08355a05edb7bd155cc8da39eb520f6041a27532cfb36b999b54a3363e29578f5b1b52d2c1b379c1a14d2c6694f00c7c02a205da02303e23d6cdb47a6f393
-
SSDEEP
12288:LMuRADz1KGRbItu/8mqKgE8MLj3Ymjk97DuHh/UFxvpj5+YI61UBXEuJ2c1LwnIj:gfftg3CEmA7DehEYY9c0uRwn
Score10/10-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-