Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
M7R81255.exe
-
Size
648KB
-
Sample
230525-jh4njahb7z
-
MD5
322515f9ba9bd3518dec81faffd472eb
-
SHA1
45ac88817480d186a3b281058ad1a9f3e4176e11
-
SHA256
06045cf83f2510a653e35d63d4e77dcc1d2265050be035ef7ea00fc2b855da2f
-
SHA512
a62ef86a7449c6f9c6d2dd024c851e0cd94e9be32b36e664dd2407030af13ca19e92ff9f99b07c194f3dc0e9f9e5223e2997141619aa418913e1d161d5f7315c
-
SSDEEP
12288:caWIm6lVvtzZBEP85djvZq92yjpN8YuMpH9zr7ELN9rXRg1LHNVQ:xTmIt9BEP8LRq92yN/H/zrurru
Static task
static1
Behavioral task
behavioral1
Sample
M7R81255.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
M7R81255.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6011587164:AAE511fkFXh2HFxNMsjh7DJ7AykzyWIVuaY/sendMessage?chat_id=6197263581
Targets
-
-
Target
M7R81255.exe
-
Size
648KB
-
MD5
322515f9ba9bd3518dec81faffd472eb
-
SHA1
45ac88817480d186a3b281058ad1a9f3e4176e11
-
SHA256
06045cf83f2510a653e35d63d4e77dcc1d2265050be035ef7ea00fc2b855da2f
-
SHA512
a62ef86a7449c6f9c6d2dd024c851e0cd94e9be32b36e664dd2407030af13ca19e92ff9f99b07c194f3dc0e9f9e5223e2997141619aa418913e1d161d5f7315c
-
SSDEEP
12288:caWIm6lVvtzZBEP85djvZq92yjpN8YuMpH9zr7ELN9rXRg1LHNVQ:xTmIt9BEP8LRq92yN/H/zrurru
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-