General
- Target: 4dec296b7065addf7c26cc23b6dc3b58c606c48bb58d0583af8ee031627b6591
- Size: 251KB
- Sample: 230306-djdkvaad64
- MD5: d27acd5a54e38e537ff1f3b3f44aa412
- SHA1: d1ef4583d60eeb82f7c65f5e685ac59e5a72b799
- SHA256: 4dec296b7065addf7c26cc23b6dc3b58c606c48bb58d0583af8ee031627b6591
- SHA512: 13a8a68a262b98a80e44221d698ff66f2fea7ffbccc93cdeaaf595d3373eea5e5f7fde3eb172bbfbbe8d124961aa3d84355bf4dc07d466643308b8e7e7d68ce6
- SSDEEP: 3072:XfY/TU9fE9PEtuWbcShR2O1LqH2Z6Rz3VCrsvUq/cCEY1Degk15kB+Mou4/8LDjI:PYa6mtR272S3Vd/ciCg9igLYQhgEKOIh
Static task: static1
Behavioral task: behavioral1
- Sample: 4dec296b7065addf7c26cc23b6dc3b58c606c48bb58d0583af8ee031627b6591.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 4dec296b7065addf7c26cc23b6dc3b58c606c48bb58d0583af8ee031627b6591.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted family: snakekeylogger
C2 (Telegram Bot API): https://api.telegram.org/bot6112875567:AAELAi1dztc_XKpDFEg1a1IG01250o2gxXs/sendMessage?chat_id=5687933537
Targets
- Target: 4dec296b7065addf7c26cc23b6dc3b58c606c48bb58d0583af8ee031627b6591
- Size: 251KB
- MD5: d27acd5a54e38e537ff1f3b3f44aa412
- SHA1: d1ef4583d60eeb82f7c65f5e685ac59e5a72b799
- SHA256: 4dec296b7065addf7c26cc23b6dc3b58c606c48bb58d0583af8ee031627b6591
- SHA512: 13a8a68a262b98a80e44221d698ff66f2fea7ffbccc93cdeaaf595d3373eea5e5f7fde3eb172bbfbbe8d124961aa3d84355bf4dc07d466643308b8e7e7d68ce6
- SSDEEP: 3072:XfY/TU9fE9PEtuWbcShR2O1LqH2Z6Rz3VCrsvUq/cCEY1Degk15kB+Mou4/8LDjI:PYa6mtR272S3Vd/ciCg9igLYQhgEKOIh
Score: 10/10
Signatures
- Snake Keylogger payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext