Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
PO-500741.exe
-
Size
990KB
-
Sample
230315-spq6fsdh44
-
MD5
d2b6495aaed7ba9e21661e9246cc9382
-
SHA1
5195b6fad939a73aa3bf5169a57104e773ffe743
-
SHA256
320e2a1e5cd7741bcec4c8f6d37527ea1905844247b1419e201104d8dd6e0fc5
-
SHA512
72b00dc16631e12213e86e046911155d55823b8f27207d77adfdc6a5f2bc8ab216eeeb319a083bfc6ef3d6c9289b368eade69257b9cd59cedaa5a7ba76d8966e
-
SSDEEP
12288:/CnbIYazKJ2Ltj4YpY6EY8osxJ9mgDP5xugrFWRkgf45lFZJ6gcmK8JGRTw:/CHizL54gY6EKiXx/FTjFZsd+JT
Static task
static1
Behavioral task
behavioral1
Sample
PO-500741.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
PO-500741.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5310184099:AAGxqu0IL8tjOF6Eq6x2u0gfcHhvuxRwfLU/sendMessage?chat_id=5350445922
Targets
-
-
Target
PO-500741.exe
-
Size
990KB
-
MD5
d2b6495aaed7ba9e21661e9246cc9382
-
SHA1
5195b6fad939a73aa3bf5169a57104e773ffe743
-
SHA256
320e2a1e5cd7741bcec4c8f6d37527ea1905844247b1419e201104d8dd6e0fc5
-
SHA512
72b00dc16631e12213e86e046911155d55823b8f27207d77adfdc6a5f2bc8ab216eeeb319a083bfc6ef3d6c9289b368eade69257b9cd59cedaa5a7ba76d8966e
-
SSDEEP
12288:/CnbIYazKJ2Ltj4YpY6EY8osxJ9mgDP5xugrFWRkgf45lFZJ6gcmK8JGRTw:/CHizL54gY6EKiXx/FTjFZsd+JT
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-