General
Target: b423c0f05afa1b0e32ba18a552ac0d4020bb69a055602c94323d5bbd4c9cefa8.zip
Size: 296KB
Sample: 231022-vkzm5sbc7t
MD5: d63c378c1f064dca7377b99fe262c61a
SHA1: 3319b695e3e858d0946404a87bbd524be5f0d5f8
SHA256: 822277335b300a70709e953b0e1a95bf79327afe6f107bc23159b4ba57d43ca0
SHA512: a40f03c2d93a9d4d857147688255e20f341e2b5cf2a725dcb62ef076b8c39ddabd2ab24c24db5649a5f3ddad5ac401318d2168e43d59e8bf411d08655f5bbfb0
SSDEEP: 6144:cwemGfAdfjAJUMEVDEbaR4bTXT70lKz5CXMJBvQd66qgjwdoR:RemGIByUBDEbaETXT70lKz4cXQdfqgj3
Static task: static1
Behavioral task: behavioral1
  Sample: b423c0f05afa1b0e32ba18a552ac0d4020bb69a055602c94323d5bbd4c9cefa8.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: b423c0f05afa1b0e32ba18a552ac0d4020bb69a055602c94323d5bbd4c9cefa8.exe
  Resource: win10v2004-20231020-en
Malware Config
Extracted family: snakekeylogger
Exfiltration URL (Telegram Bot API sendMessage endpoint; the bot ID, bot token and destination chat_id are all embedded in the URL): https://api.telegram.org/bot6243209595:AAGECSmdSqJiVZcdFoBvotoaKcKT9Lz5Gvw/sendMessage?chat_id=1070926352
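The extracted config above is the whole exfiltration channel: the `bot<id>:<token>` segment is the attacker's bot credential and `chat_id` is the receiving chat. The following Python is an added example, not code from tria.ge or from the sample, showing how a practitioner would turn such a URL into usable IOC fields, scan proxy logs for Telegram Bot API calls, and produce a defanged IOC that drops the token (so a shared IOC list cannot be used to drive the bot). The proxy log lines and the hosts `ip-lookup.example`, `www.example.com` and the second bot token are constructed for the example; the first Telegram URL is the one from the config above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Telegram Bot API call shape: https://api.telegram.org/bot<bot_id>:<token>/<method>
# bot_id:token is the bot's full credential; chat_id (query string) is the receiving chat.
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<token>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)"
)


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into bot_id, token, method and chat_id.

    Returns None when the URL is not a Bot API call.
    """
    m = TELEGRAM_BOT_RE.search(url)
    if not m:
        return None
    query = parse_qs(urlsplit(url).query)
    return {
        "bot_id": m.group("bot_id"),
        "token": m.group("token"),
        "method": m.group("method"),
        "chat_id": query.get("chat_id", [None])[0],
    }


def defang_telegram_c2(url):
    """Shareable IOC form: defanged host, bot_id and chat_id kept, token removed."""
    info = parse_telegram_c2(url)
    if info is None:
        return None
    tail = ""
    if info["chat_id"] is not None:
        tail = "?chat_id=" + info["chat_id"]
    return "hxxps://api[.]telegram[.]org/bot{}:<token>/{}{}".format(
        info["bot_id"], info["method"], tail
    )


# Constructed proxy log (not from the sandbox report): time, client, HTTP method, URL, status.
SAMPLE_PROXY_LOG = """\
2023-10-22T16:05:11Z 10.0.0.15 GET https://www.example.com/ 200
2023-10-22T16:05:12Z 10.0.0.15 GET https://ip-lookup.example/ 200
2023-10-22T16:05:13Z 10.0.0.15 POST https://api.telegram.org/bot6243209595:AAGECSmdSqJiVZcdFoBvotoaKcKT9Lz5Gvw/sendMessage?chat_id=1070926352 200
2023-10-22T16:06:40Z 10.0.0.22 GET https://api.telegram.org/bot111111111:constructedTokenValue/getMe 200
"""


def find_telegram_exfil(log_text):
    """Return one record per log line whose URL is a Telegram Bot API call."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed or truncated line; skip rather than guess
        info = parse_telegram_c2(fields[3])
        if info is None:
            continue
        hits.append({"time": fields[0], "client": fields[1], "http_method": fields[2], **info})
    return hits


if __name__ == "__main__":
    for hit in find_telegram_exfil(SAMPLE_PROXY_LOG):
        print(hit["time"], hit["client"], "bot", hit["bot_id"], hit["method"], "chat_id", hit["chat_id"])
    print(defang_telegram_c2(
        "https://api.telegram.org/bot6243209595:AAGECSmdSqJiVZcdFoBvotoaKcKT9Lz5Gvw/sendMessage?chat_id=1070926352"
    ))
```

Matching on the `api.telegram.org/bot<digits>:<token>/` shape rather than on this one token catches other bots using the same channel; the bot_id and chat_id survive in the defanged form because they are what you pivot on across samples, while the token is the part that must not circulate.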
Targets
Target: b423c0f05afa1b0e32ba18a552ac0d4020bb69a055602c94323d5bbd4c9cefa8.exe
Size: 366KB
MD5: 1a691869fcecce8373212a390d1fa3e3
SHA1: a952c873d4b825940b012e2d0ceb849dd9634d64
SHA256: b423c0f05afa1b0e32ba18a552ac0d4020bb69a055602c94323d5bbd4c9cefa8
SHA512: 6bcac7d3fd19a60fb7c6a52d67cc0a6d8f7684f0a2fa428647a0cc1a03fb2d25c9a0b75b215de432df81113e951c2442ec1b793c93e68f6b99ae6ef7ba62fe5e
SSDEEP: 6144:L0nJBIKD2SJMz2dR8rZNlvzbV+dHhZdZcZmPaFTPM+OAHhBMdk6ceh9X3P9t0G:sJfD2S+nRbV+dHhZdZcZm2TPZHhBak6I
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (the API that redirects another thread's execution; commonly seen in process hollowing / RunPE-style injection)