General
Target: mkhg_Zvfw.hta
Size: 47KB
Sample: 230922-qwhrjsgc7t
MD5: 1021b9b4d037fc4076b1e9ab096b2865
SHA1: fe99b870362e9c2494ff5ff871030f9e7c697975
SHA256: 0677bfc48f0007ebc9595793109fd6b7d096c800aa8dfcd1a2736f57896e0b8e
SHA512: 224ad1edec31f48ebecb4fe54defd7a91f13621de568f1321b3ef92ced2e251fd5506c6d3243fdb4354a55da72bb6bb137fa1611d03995a24d7aca1a70fb470c
SSDEEP: 768:s+xarxSyLCcHOJvVxZFGrnath42PZHpkIV0T3ytMQOtW4vrjz9kuxY:jmXHkVxZFKnm22PZHGIV0T3ytM443z94
Static task: static1
Behavioral task: behavioral1
  Sample: mkhg_Zvfw.hta
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: mkhg_Zvfw.hta
  Resource: win10v2004-20230915-en
Malware Config
Extracted: snakekeylogger
https://api.telegram.org/bot6316392918:AAHcjKTVDupG6SMH3LkXAeVBgHKlqsAcmRU/sendMessage?chat_id=6445748530
Targets
Target: mkhg_Zvfw.hta
Size: 47KB
Score: 10/10
Signatures:
- Snake Keylogger payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext