General
Target: PO-VHR-S235029B.exe
Size: 881KB
Sample: 230418-nnvp2ach2y
MD5: 97bf3e9ac8d864df3fe745391b1d7b5c
SHA1: 19f6b1148326286635c38a74e0a0f9b222632ade
SHA256: 741caf63351d781a3c4c7b613947695c76bb5ebe864d53eb93acd9548a82038c
SHA512: f27be725cb11bbc51110fb4f7e8843c011394baf08f267231d2d176033e651e77bdd37d197a14126b11043e9a94023c29c828ea9e811bb48c1401a13a653bd9a
SSDEEP: 12288:HW16FiPUY4eVPd0JTJxbh8FIGQSlxZc+b0/SOp3LzKBFxtXkUB1Z4J:24FEUYV6Xbg/bZcrl3vKBFksQ
Static task: static1
Behavioral task: behavioral1 (Sample PO-VHR-S235029B.exe, Resource win7-20230220-en)
Behavioral task: behavioral2 (Sample PO-VHR-S235029B.exe, Resource win10v2004-20230220-en)
Malware Config
Extracted
Family: snakekeylogger
C2: https://api.telegram.org/bot5818680343:AAGVJsfIHcopySiifMCdAaFCv-ICp2_Yo_M/sendMessage?chat_id=5765702254
The extracted C2 is a Telegram Bot API sendMessage endpoint. The bot token (bot ID 5818680343 followed by the secret) and the destination chat_id (5765702254) are both embedded in the URL, so either can be used as an indicator on its own; stolen data is exfiltrated as bot messages to that chat over ordinary HTTPS to api.telegram.org.
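The following is an added example, not part of the Triage report and not the sandbox's own extractor: it parses the extracted Telegram C2 URL above into trackable indicators (bot ID, full token, API method, chat_id) and then runs two detection rules over constructed host/proxy log lines, one for traffic to the Telegram Bot API (with a stronger match when the token is already known from this report) and one for the "external IP lookup" behaviour also flagged below. The log format, the second bot token (1234567890:AAHconstructedTokenExampleOnly00000) and the list of IP-lookup hosts are assumptions for illustration. Note the practical caveat the code comments spell out: a plain forward proxy only sees CONNECT api.telegram.org:443, so the token and chat_id are only visible in host telemetry, sandbox traces, or TLS-inspected traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs

# C2 URL as extracted by the sandbox from this sample (taken from the report above).
EXTRACTED_C2 = ("https://api.telegram.org/bot5818680343:"
                "AAGVJsfIHcopySiifMCdAaFCv-ICp2_Yo_M/sendMessage?chat_id=5765702254")

# Telegram bot tokens are "<numeric bot id>:<35-char secret>" and appear in the
# path as "/bot<token>/<method>". The secret alphabet is [A-Za-z0-9_-].
TOKEN_RE = re.compile(r"/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{35})(?![A-Za-z0-9_-])")
URL_RE = re.compile(r"https?://[^\s\"']+")

# Assumed list of public "what is my IP" services (example list, not from the report).
IP_LOOKUP_HOSTS = frozenset({"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ip-api.com"})


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into its indicators.
    Returns None if the URL is not a bot call to api.telegram.org."""
    parts = urlsplit(url)
    if parts.netloc.lower() != "api.telegram.org":
        return None
    m = TOKEN_RE.search(parts.path)
    if not m:
        return None
    return {
        "bot_id": m.group("bot_id"),
        "token": f"{m.group('bot_id')}:{m.group('secret')}",
        "method": parts.path.rsplit("/", 1)[-1],          # e.g. sendMessage, sendDocument
        "chat_id": parse_qs(parts.query).get("chat_id", [None])[0],
    }


def scan_log(log_text, known_tokens=frozenset()):
    """Apply two rules to every URL found in the log and return (line_no, rule, detail).
    Caveat: these rules need the full URL. A forward proxy without TLS inspection only
    logs 'CONNECT api.telegram.org:443', so they are meant for EDR/sandbox/TLS-inspection logs."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        for url in URL_RE.findall(line):
            tg = parse_telegram_c2(url)
            if tg:
                # Any bot-API call from a non-browser process is worth a look; a token already
                # tied to a known sample is a confirmed hit rather than a lead.
                rule = "known-c2-token" if tg["token"] in known_tokens else "telegram-bot-api"
                findings.append((n, rule, tg["bot_id"]))
                continue
            host = urlsplit(url).netloc.lower()
            if host in IP_LOOKUP_HOSTS:
                findings.append((n, "external-ip-lookup", host))
    return findings


# Constructed log lines for illustration only (format and second bot token are made up;
# line 1 reuses the C2 URL from this report).
SAMPLE_LOG = """\
2023-04-18T14:32:10Z host=WS-042 pid=4312 image=PO-VHR-S235029B.exe url=https://api.telegram.org/bot5818680343:AAGVJsfIHcopySiifMCdAaFCv-ICp2_Yo_M/sendMessage?chat_id=5765702254
2023-04-18T14:32:11Z host=WS-042 pid=4312 image=PO-VHR-S235029B.exe url=http://checkip.dyndns.org/
2023-04-18T14:33:02Z host=WS-017 pid=988 image=chrome.exe url=https://www.example.com/index.html
2023-04-18T14:35:45Z host=WS-103 pid=2210 image=invoice.exe url=https://api.telegram.org/bot1234567890:AAHconstructedTokenExampleOnly00000/sendDocument?chat_id=42
"""


def main():
    c2 = parse_telegram_c2(EXTRACTED_C2)
    print("indicators from extracted config:", c2)
    for line_no, rule, detail in scan_log(SAMPLE_LOG, {c2["token"]}):
        print(f"line {line_no}: {rule} ({detail})")


if __name__ == "__main__":
    main()
```

The bot ID alone is a durable indicator: even if the operator rotates the secret half of the token, the numeric ID in front of the colon stays with the bot account, so matching on `bot_id` survives a token reset where matching on the full token would not.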
Targets
Target: PO-VHR-S235029B.exe (881KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Reads the Outlook profile registry keys, where configured mail accounts and their saved credentials are stored; Snake Keylogger harvests these alongside browser and other client credentials.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP, which is typically included in the exfiltrated report to identify the victim.
Suspicious use of SetThreadContext
SetThreadContext on another process's thread is characteristic of process hollowing: the sample starts a process suspended, writes its payload into it, rewrites the thread context so execution resumes at the injected code, and then resumes the thread. The keylogger therefore runs under a different process name than the dropped executable, so endpoint detections should key on the injection behaviour and the network indicators rather than on the image name alone.