Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
final INV, PL, BL..exe
-
Size
223KB
-
Sample
230505-nksq9shh25
-
MD5
80b48131a8ee8130588c6e8915905a4a
-
SHA1
29493397e53171528e9587581b750ac85333c174
-
SHA256
29a028df9898f4d21557863d584879c54b759de951022a419cb4b2b6b40a87bf
-
SHA512
d2511b3014689e11ebb18ec18eb1dfd64b86b00d2acc114ab3360b8b575c4d1942883f62b2123b5b737b9f95a822a849616b9f3c7fab4f0e7c0ece75a231ba23
-
SSDEEP
3072:DA4CFu2f+4KMKXk0Q9gsYDDAJmGIrmMvSh3/BxYrOW5qmHohiFQQbTgjnIPX3XgE:E4sL+GKXk0F+IRXM+/5DohiyQ+yI4
Static task
static1
Behavioral task
behavioral1
Sample
final INV, PL, BL..exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
final INV, PL, BL..exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.rubagas.com - Port:
587 - Username:
[email protected] - Password:
ruba3004
Targets
-
-
Target
final INV, PL, BL..exe
-
Size
223KB
-
MD5
80b48131a8ee8130588c6e8915905a4a
-
SHA1
29493397e53171528e9587581b750ac85333c174
-
SHA256
29a028df9898f4d21557863d584879c54b759de951022a419cb4b2b6b40a87bf
-
SHA512
d2511b3014689e11ebb18ec18eb1dfd64b86b00d2acc114ab3360b8b575c4d1942883f62b2123b5b737b9f95a822a849616b9f3c7fab4f0e7c0ece75a231ba23
-
SSDEEP
3072:DA4CFu2f+4KMKXk0Q9gsYDDAJmGIrmMvSh3/BxYrOW5qmHohiFQQbTgjnIPX3XgE:E4sL+GKXk0F+IRXM+/5DohiyQ+yI4
-
Snake Keylogger payload
-
StormKitty payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-