Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
PO TYER6555556.exe
-
Size
662KB
-
Sample
230425-sx7heabb24
-
MD5
515fcae923fcf7925bc1762c71f6e384
-
SHA1
4a73794f447193d371b6d188c209e58c1fdb6309
-
SHA256
414ba539e3dbcea3e5d9618e66b71524bb66e7b4574caff6d4da5f061734bc3a
-
SHA512
6ef3aef00f34cc01b856634940a74bc0c73d8d2f0de73cf00a69f857842a3c167c7149389df994d33a980197fbb0d561056faefae6a7ba6f4b8635cc21adeb41
-
SSDEEP
12288:9bSJgvmn1ik/BN6v630WD0aky/vby9OYkC7Irzo5e2vSpRAt3l:9bSJgvmn1ikCv63XyyXZxC74z6edi3l
Static task
static1
Behavioral task
behavioral1
Sample
PO TYER6555556.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
PO TYER6555556.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5818680343:AAGVJsfIHcopySiifMCdAaFCv-ICp2_Yo_M/sendMessage?chat_id=5765702254
Targets
-
-
Target
PO TYER6555556.exe
-
Size
662KB
-
MD5
515fcae923fcf7925bc1762c71f6e384
-
SHA1
4a73794f447193d371b6d188c209e58c1fdb6309
-
SHA256
414ba539e3dbcea3e5d9618e66b71524bb66e7b4574caff6d4da5f061734bc3a
-
SHA512
6ef3aef00f34cc01b856634940a74bc0c73d8d2f0de73cf00a69f857842a3c167c7149389df994d33a980197fbb0d561056faefae6a7ba6f4b8635cc21adeb41
-
SSDEEP
12288:9bSJgvmn1ik/BN6v630WD0aky/vby9OYkC7Irzo5e2vSpRAt3l:9bSJgvmn1ikCv63XyyXZxC74z6edi3l
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-