General
Target: tmp
Size: 887KB
Sample: 230517-h3slbsea96
MD5: c19b70381457c1bf947f4befc79dc507
SHA1: c290b39b8078e473c6d7eefa8aac2f7a1b7b5376
SHA256: e3605326017c58a3ef50367f4821255161997f87c615c126c981526127392d3e
SHA512: 3189ff8c02332ba9f6b85efe12ccf6cce2125b57e8a7cdfe915a892afb344b7e4e0ee91d2fb695083419416bbc4ee7ce48cbcc4f485489fef4a5668804e2f5f1
SSDEEP: 12288:6LYK0aO+4fzKM/JNDFmHGoxuBslG0VKhxabmj09JgkbzZnKkAtvxiLATAGn3WtNv:6LYha+zKM/JNB6xpYnzaSjSnKk0
Static task: static1
Behavioral task: behavioral1 (sample tmp.exe, resource win7-20230220-en)
Behavioral task: behavioral2 (sample tmp.exe, resource win10v2004-20230220-en)
Malware Config
Extracted family: snakekeylogger
Extracted URL: https://api.telegram.org/bot5915450521:AAHBL9CEnsFid-IQ0sl0oVZia7TI3t-wPPY/sendMessage?chat_id=5061956073
Targets
Target: tmp
Size: 887KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the values listed under General
Score: 10/10
Signatures:
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext