Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Products List.exe
-
Size
502KB
-
Sample
231127-mlb98sfh64
-
MD5
23774a05b01b50041d854d27c78edf3f
-
SHA1
f3bef4db75331bfc451737cbc34f8a1b882c3a66
-
SHA256
43b81452ba3a471f0b239dac8bdbf3a2b59cfe35330626ae5a362ecece07fbad
-
SHA512
49875538e7c40b04e39c728d884583b869852f708cc6ff4662b1110a156ba7d6ffc95cf942f43ec0c112af1acf5ef29eae22b88f8629f563f365394ede0bf2c8
-
SSDEEP
12288:uH72CH8/BgWzP86/3wYkYgmic8H6pj4JELWlDDLNaqxw:y8ZNv3mYgmzpEJcwDvN3w
Static task
static1
Behavioral task
behavioral1
Sample
Products List.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
Products List.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.belt-tech.com.my - Port:
587 - Username:
[email protected] - Password:
Beltechpg@1234 - Email To:
[email protected]
Targets
-
-
Target
Products List.exe
-
Size
502KB
-
MD5
23774a05b01b50041d854d27c78edf3f
-
SHA1
f3bef4db75331bfc451737cbc34f8a1b882c3a66
-
SHA256
43b81452ba3a471f0b239dac8bdbf3a2b59cfe35330626ae5a362ecece07fbad
-
SHA512
49875538e7c40b04e39c728d884583b869852f708cc6ff4662b1110a156ba7d6ffc95cf942f43ec0c112af1acf5ef29eae22b88f8629f563f365394ede0bf2c8
-
SSDEEP
12288:uH72CH8/BgWzP86/3wYkYgmic8H6pj4JELWlDDLNaqxw:y8ZNv3mYgmzpEJcwDvN3w
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-