Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Request for Quotation - CRPO-02 Project.exe
-
Size
581KB
-
Sample
230508-w16xtsdg9v
-
MD5
f8217bd63821efff73b3e0f55d6a1a88
-
SHA1
5cbae2649da060bac1602e62ba641b1d85b24fc4
-
SHA256
92f0a55426e5040dc80133f908906acddaa338792783507fb0bb62d5b786c3ce
-
SHA512
2ecc8c4202a94f647fb6887a6724ac4d99c34476942262ac7422d127a3fd44bd6e59973ea4000100ec848855393dd5e672402cb78e42ab3d09223167dfd8373a
-
SSDEEP
12288:+8ds7D6nFhjN9OB7Vkm3DpfVLkLfWzaWR3z:+8e4VN9bm3NKSh9z
Static task
static1
Behavioral task
behavioral1
Sample
Request for Quotation - CRPO-02 Project.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Request for Quotation - CRPO-02 Project.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5300146648:AAHnGWyIYhkCfGzD7b3SfmLZj94Y8lXxD90/sendMessage?chat_id=5116181161
Targets
-
-
Target
Request for Quotation - CRPO-02 Project.exe
-
Size
581KB
-
MD5
f8217bd63821efff73b3e0f55d6a1a88
-
SHA1
5cbae2649da060bac1602e62ba641b1d85b24fc4
-
SHA256
92f0a55426e5040dc80133f908906acddaa338792783507fb0bb62d5b786c3ce
-
SHA512
2ecc8c4202a94f647fb6887a6724ac4d99c34476942262ac7422d127a3fd44bd6e59973ea4000100ec848855393dd5e672402cb78e42ab3d09223167dfd8373a
-
SSDEEP
12288:+8ds7D6nFhjN9OB7Vkm3DpfVLkLfWzaWR3z:+8e4VN9bm3NKSh9z
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-