General
- Target: Confirmación de recibo de transferencia.exe
- Size: 621KB
- Sample: 230424-rneklacc83
- MD5: 34aad4cf4e2eaff477944be25df41837
- SHA1: ed808f2f8b9634e8a513401122ad8b03152742b5
- SHA256: 6fa45e57a0c10b280baeef2d8a446499a2fd29f5745535cb8f7e0c0d51852009
- SHA512: 136f30226265ad4e1d73cf67c10ba9f035409222cb64fa06d68d71d2fdd9e362128902fdbbbfe01510004e29e37ab1819ca61f7777f0946a6cd9df8dfc71c0c5
- SSDEEP: 12288:buFqUvdP5Kq/XpKQKr2fjJswmvTPVj9Y/:bpUvKq/pKx2fjmwETt9
Static task
- static1
Behavioral tasks
- behavioral1: Sample Confirmación de recibo de transferencia.exe, Resource win7-20230220-en
- behavioral2: Sample Confirmación de recibo de transferencia.exe, Resource win10v2004-20230220-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.condominioaocubo.pt
- Port: 587
- Username: [email protected]
- Password: Qualidade.c3.2018
Extracted
snakekeylogger
- Protocol: smtp
- Host: mail.condominioaocubo.pt
- Port: 587
- Username: [email protected]
- Password: Qualidade.c3.2018
- Email To: [email protected]
Targets
- Target: Confirmación de recibo de transferencia.exe (size and hashes as listed under General)
- Snake Keylogger payload
- StormKitty payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext