General
Target: NEAS.1e5aaff948f19f643319f41f91ce20c6b3e3ceca9084334b7910294bceff46b0exe_JC.exe
Size: 622KB
Sample: 231023-tysajscb54
MD5: b4d7f22c8fa0d77d4ca4aa60e381a0f2
SHA1: f6af8b30e8e979fd2c246e65f78b59c0eb04e36c
SHA256: 1e5aaff948f19f643319f41f91ce20c6b3e3ceca9084334b7910294bceff46b0
SHA512: beb52b162712cf785d5ec7d5f8b4be6e1328a288f121d5cd8385a7128f28c7a3cdc249491158081a354581b6b3e6159d8183a533d57f7392efe657c041e72676
SSDEEP: 12288:hCUeIBMSjOwO7mdVr30Pps3m2h8k678G5gCzku7nbIyq1XPDV1dO8Hb3EJ:FowEaVrEBsJh8v80Uuo
Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.1e5aaff948f19f643319f41f91ce20c6b3e3ceca9084334b7910294bceff46b0exe_JC.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: NEAS.1e5aaff948f19f643319f41f91ce20c6b3e3ceca9084334b7910294bceff46b0exe_JC.exe
  Resource: win10v2004-20231020-en
Malware Config
Extracted: snakekeylogger
https://api.telegram.org/bot6454266704:AAGc7MbDFOw3VJ52r1hPLsjSZvjH8GUmylk/sendMessage?chat_id=1467583453
Targets
Target: NEAS.1e5aaff948f19f643319f41f91ce20c6b3e3ceca9084334b7910294bceff46b0exe_JC.exe
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext