Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e48e8bd7c034de883faae60da15ddc3f.exe
-
Size
653KB
-
Sample
230511-w53e7sbd4y
-
MD5
e48e8bd7c034de883faae60da15ddc3f
-
SHA1
ac79da066a83feaba8a70a1f0f6456fe8e39ecc2
-
SHA256
8e406bd2fa24428c369151006c1d3b563675ddac328964b30a6429f64f17077d
-
SHA512
6a2c9b84e6c21657075ec854776deee7112689ece4d4cd2c0d2f5566b6802eb900dcd4edeb868112ca7654518dd9ee71e4a9ba4cff2eb848dd0aef8a995ef335
-
SSDEEP
12288:AhmPsUOWatCsPAzRa5DFIsfhknQ3O3Fa0L/as+26q2:ImPxfQCZUlFIpnQkoJs+26
Static task
static1
Behavioral task
behavioral1
Sample
e48e8bd7c034de883faae60da15ddc3f.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
e48e8bd7c034de883faae60da15ddc3f.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
Protocol: smtp- Host:
cp5ua.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@#$
Extracted
snakekeylogger
Protocol: smtp- Host:
cp5ua.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@#$ - Email To:
[email protected]
Targets
-
-
Target
e48e8bd7c034de883faae60da15ddc3f.exe
-
Size
653KB
-
MD5
e48e8bd7c034de883faae60da15ddc3f
-
SHA1
ac79da066a83feaba8a70a1f0f6456fe8e39ecc2
-
SHA256
8e406bd2fa24428c369151006c1d3b563675ddac328964b30a6429f64f17077d
-
SHA512
6a2c9b84e6c21657075ec854776deee7112689ece4d4cd2c0d2f5566b6802eb900dcd4edeb868112ca7654518dd9ee71e4a9ba4cff2eb848dd0aef8a995ef335
-
SSDEEP
12288:AhmPsUOWatCsPAzRa5DFIsfhknQ3O3Fa0L/as+26q2:ImPxfQCZUlFIpnQkoJs+26
-
Snake Keylogger payload
-
StormKitty payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-