General
- Target: Drawing.img.exe
- Size: 841KB
- Sample: 230403-plmr3sgb8t
- MD5: fae8a94e9d180cb6ebd19baaff00ed22
- SHA1: 8585bdd94acff8528e2711b2618579001e1581e9
- SHA256: 218837a31e5d0be80334b33216d047700a3f0983d847ea6019f5a5e638e69f56
- SHA512: db7908675325d802402b58a5c70b4670848f94b8be97ca4da55353a455e066bec669c0b695df10558c60d55672b4f6115fb07369406fa8d992077bb839212685
- SSDEEP: 12288:l5CBWKdq1FbwwJLwrb53qOYfm+E9myYyG8ZFTOwl59+ay2j+DpfwPfdM7m3St5:Ofrpx3qOYfXEkYlvSwl59SDpfiIm3U
Static task
- static1

Behavioral task
- behavioral1
  - Sample: Drawing.img.exe
  - Resource: win7-20230220-en

Behavioral task
- behavioral2
  - Sample: Drawing.img.exe
  - Resource: win10v2004-20230220-en
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: mail.bk-systems.in
- Port: 587
- Username: [email protected]
- Password: unna_149-ooru
- Email To: [email protected]
Targets
Score: 10/10

Signatures
- Snake Keylogger payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext