General
- Target: 6589987TEL.exe
- Size: 233KB
- Sample: 230522-qv8lksgf97
- MD5: 9d492198c90933eb067ea7bd158d0597
- SHA1: 56950f6ba640b4edf603c5bc0f0fa7f460c807d5
- SHA256: b4b38d7d62a408e89a3c7c0157405cf65862ddb6a1fb23a931311a468d051890
- SHA512: 1c511a295e2b6313cc7dc81cdc31a6dd9e1b7a379b67207728fdbfbb5afb977bf03ba10f17428a7a646bce95f7f4c971100aaefbabdd8d7ddba31e44ef4e06c8
- SSDEEP: 6144:JYa68XJgGIPL8bhiG7FYmjIaf76t+EmV8kPgXjd1qN:JYOJgGIj8TYmsaz6t+Eg8bTdE
Static task: static1
Behavioral task: behavioral1
- Sample: 6589987TEL.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 6589987TEL.exe
- Resource: win10v2004-20230220-en
Malware Config
- Extracted: snakekeylogger
- https://api.telegram.org/bot5801425382:AAG5b4PUEaqNDv5uP9ejZGeIHeuzzOD4IHY/sendMessage?chat_id=5812329204
Targets
- Target: 6589987TEL.exe (233KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
- Snake Keylogger payload
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext