General
Target: TT return copy .pdf.exe
Size: 1.0MB
Sample: 230328-gzbyqsba81
MD5: 10d17b5b38280ae719f8e8d9bb68422b
SHA1: 5679dc8fcbd8f4bae164494e361590d52f04d431
SHA256: 0312ca773d06b41b2906310879143c0737bb66dbfda5d01ec1ec69d4cfb58adc
SHA512: 8bd099546edf4910010966821afdfdbe41f8f2dd41a501fa65cfd56799380639f9329614fcb9dfd5e4d6800e1db6564ed9c78623b94082100cee663d72fb3f22
SSDEEP: 24576:EwrVZ96e5wbe71SW3dslTfhdVWq2FS2qef2:D3Tse77CTPVEFS2
Static task: static1

Behavioral task: behavioral1
Sample: TT return copy .pdf.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: TT return copy .pdf.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted family: snakekeylogger
Exfiltration URL: https://api.telegram.org/bot5302690346:AAHm8HQofEvDG4ubNtPRHLfVIUU5VWSx970/sendMessage?chat_id=1673719962
Targets
Target: TT return copy .pdf.exe
Size: 1.0MB
MD5: 10d17b5b38280ae719f8e8d9bb68422b
SHA1: 5679dc8fcbd8f4bae164494e361590d52f04d431
SHA256: 0312ca773d06b41b2906310879143c0737bb66dbfda5d01ec1ec69d4cfb58adc
SHA512: 8bd099546edf4910010966821afdfdbe41f8f2dd41a501fa65cfd56799380639f9329614fcb9dfd5e4d6800e1db6564ed9c78623b94082100cee663d72fb3f22
SSDEEP: 24576:EwrVZ96e5wbe71SW3dslTfhdVWq2FS2qef2:D3Tse77CTPVEFS2
Score: 10/10

Signatures
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext