General
- Target: 5ae16d5f8eae9b63068ad5a08a311179.exe
- Size: 637KB
- Sample: 230424-rnewcscc85
- MD5: 5ae16d5f8eae9b63068ad5a08a311179
- SHA1: 4189bf7a6fe8473395ee5814ca19a5aa70a20158
- SHA256: cc138ced1fbc3fd146c76a8ab520bc6e436b84a4cd26542e8d75ae57c435511d
- SHA512: 774ecae4f72e9535c2bea549aa73c3a3872a772aff01924f52d1f7975a5f3039d75506b8c7956599eb028e2e10096e8b0a47c6232d355f3872a5c5215e4ac296
- SSDEEP: 12288:opGBO5ZZC/W2n9wl/mbORAuDSRB6okvdT1lPQiowic/7:mGqTC/fW/tRAu+RJk1RlPPse
Static task: static1

Behavioral task: behavioral1
- Sample: 5ae16d5f8eae9b63068ad5a08a311179.exe
- Resource: win7-20230220-en

Behavioral task: behavioral2
- Sample: 5ae16d5f8eae9b63068ad5a08a311179.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: snakekeylogger
- https://api.telegram.org/bot6102267622:AAFFZ_GvUj4OisNxsdlwZ5OHZVEfanDQBf0/sendMessage?chat_id=6107719374
Targets
- Target: 5ae16d5f8eae9b63068ad5a08a311179.exe
- Size: 637KB
- MD5: 5ae16d5f8eae9b63068ad5a08a311179
- SHA1: 4189bf7a6fe8473395ee5814ca19a5aa70a20158
- SHA256: cc138ced1fbc3fd146c76a8ab520bc6e436b84a4cd26542e8d75ae57c435511d
- SHA512: 774ecae4f72e9535c2bea549aa73c3a3872a772aff01924f52d1f7975a5f3039d75506b8c7956599eb028e2e10096e8b0a47c6232d355f3872a5c5215e4ac296
- SSDEEP: 12288:opGBO5ZZC/W2n9wl/mbORAuDSRB6okvdT1lPQiowic/7:mGqTC/fW/tRAu+RJk1RlPPse

Signatures
- Snake Keylogger payload
- StormKitty payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext