Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
28950d733a57f8b60d6c82be7.bin
-
Size
526KB
-
Sample
230630-nt7xjshb56
-
MD5
6745272f451949366527a8a3a402043c
-
SHA1
61867ab03cb34c57cba027a4f84467e40436717b
-
SHA256
1d8f29874ddf3692e2dfd5953b53e503b64659e6156e1866d9779d37dd2c67aa
-
SHA512
3386c007e769fb77c6122ca006d009031575bd4e9f30b2ef78336176dfafd6d39a92edb6f33ed04edc5128aaf41b6ac3aa0ebcd61bb284d6cbb2a63a9347250e
-
SSDEEP
12288:4/C9UAtr2Eef0GjE7mpn9BK1djHFtDjK1Kvwwfl:4qRyEViE7mpnvKnhBjtw2
Static task
static1
Behavioral task
behavioral1
Sample
cae1354a45569f45b407e95f00ba53ada314874b706f903f91960464c7f5ecea.exe
Resource
win7-20230621-en
Behavioral task
behavioral2
Sample
cae1354a45569f45b407e95f00ba53ada314874b706f903f91960464c7f5ecea.exe
Resource
win10v2004-20230621-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5884813542:AAE_NTHYHJxIqnVXOM0mUNE1h-A-ytq9y8I/sendMessage?chat_id=5334267822
Targets
-
-
Target
cae1354a45569f45b407e95f00ba53ada314874b706f903f91960464c7f5ecea.exe
-
Size
632KB
-
MD5
28950d733a57f8b60d6c82be7c105d5d
-
SHA1
97215f12304287305f5d72bcc1cff6ea67a5388c
-
SHA256
cae1354a45569f45b407e95f00ba53ada314874b706f903f91960464c7f5ecea
-
SHA512
106b1283ff5352915751b5a9168102748d2f1a1eb50253a1680fbaadefc1d01a8b2d9e66281689d4e9a50459ad2bc705c4f9c95f7bd71e2387a5cc822288d6c7
-
SSDEEP
12288:gCXWldJ25/+cNSXq/LpXt3tmiDWkEuZlZ:g25/+cNSXqjpXt9a/ufZ
Score10/10-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-