Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2.exe
-
Size
678KB
-
Sample
230825-meb1wsce6t
-
MD5
0891828f1502941749122ed54cd6897d
-
SHA1
bd4d8ce5e687c6473e7ec4d72311c5e2c6852d75
-
SHA256
25f7c89c3dcc8b8076ca12cc9365de1c43f3ead9f73fce80ec1ef307cb5f06b5
-
SHA512
fc9d9e73b720fee646cd3a95e5a1fcdd91824b7b8ccdfd910d68721b9bf9f4da4c76b59e7210b999393d4684e8b6703c899b5de9d83b12ceab67384efaa78381
-
SSDEEP
12288:p8cVVgE3VPMwSnJfsGaYiQKiAysmST4TQ10/hJP05:ecbgGTSJEGOVym4M605
Static task
static1
Behavioral task
behavioral1
Sample
2.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
2.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6698608019:AAEr3w3gmqUN6-QUxCNnkSYZbMXOSFZ3FDo/sendMessage?chat_id=5732008790
Targets
-
-
Target
2.exe
-
Size
678KB
-
MD5
0891828f1502941749122ed54cd6897d
-
SHA1
bd4d8ce5e687c6473e7ec4d72311c5e2c6852d75
-
SHA256
25f7c89c3dcc8b8076ca12cc9365de1c43f3ead9f73fce80ec1ef307cb5f06b5
-
SHA512
fc9d9e73b720fee646cd3a95e5a1fcdd91824b7b8ccdfd910d68721b9bf9f4da4c76b59e7210b999393d4684e8b6703c899b5de9d83b12ceab67384efaa78381
-
SSDEEP
12288:p8cVVgE3VPMwSnJfsGaYiQKiAysmST4TQ10/hJP05:ecbgGTSJEGOVym4M605
Score10/10-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-