General
- Target: Swift__92be67ab-e027-4955-b6fc-64bd720b2ba09.exe
- Size: 970KB
- Sample: 230313-lerwnsbf61
- MD5: e6e43c4101b9a667f07d52c572dba013
- SHA1: b9eee5c53a605bfe594f79b3ec5a4336ecce5e0b
- SHA256: ac6d957336c039f000748fa1491549e9416005c224eea1cf089aab0d91b10844
- SHA512: 91840f8fc44ad7970adb639afa64d47a15d2e8b4f28d39a059e820c2b02c1ae40faa48b3a69c959db291adfba4dfaa5c8e6848ad59d1c99d3011853c2b53dc5f
- SSDEEP: 12288:IuvSwl1K8tUyZmMRxEy0gAyjVv4dnUZRbNAenKoD4z/Eu7pDjsnIxB/jDEi+orah:MfypR5AqYBFnpv/jQVzXEnt
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Swift__92be67ab-e027-4955-b6fc-64bd720b2ba09.exe
  - Resource: win7-20230220-en
Behavioral task
- behavioral2
  - Sample: Swift__92be67ab-e027-4955-b6fc-64bd720b2ba09.exe
  - Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: snakekeylogger
- Exfiltration URL: https://api.telegram.org/bot6284958682:AAFqhG3qHKFjAq48ezySmL8vRDzlw2Jx9s8/sendMessage?chat_id=5636036075
Targets
- Target: Swift__92be67ab-e027-4955-b6fc-64bd720b2ba09.exe
- Score: 10/10
- Signatures:
  - Snake Keylogger payload
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  - Accesses Microsoft Outlook profiles
  - Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
  - Suspicious use of SetThreadContext