General
- Target: Vessel Information.exe
- Size: 491KB
- Sample: 240613-ryp43sshld
- MD5: 074900bf90c8e83bfd5f79479f91ed1f
- SHA1: 9001cb1924963b0a35db3d78d50faa3cb54bca5b
- SHA256: c3f8b456725a6e744d7d59b5456b99c988b8b5565a18bf5f25b36a78bbed060e
- SHA512: a9b2a8ae609174edaf49f17664514acd04dbe10f2b75af2d1a5c181e5d6cb126ecac21bc82b06721df53a99502c48e0829e737558423b89db8f0a30e87dd962b
- SSDEEP: 12288:ttMyF3ltmeOVahfG3+CSQ9vkk93YmSWWsGf:XM6ltmOa+CSQCk93XWsq
Static task: static1

Behavioral task: behavioral1
- Sample: Vessel Information.exe
- Resource: win7-20240611-en

Behavioral task: behavioral2
- Sample: Vessel Information.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted
- Family: snakekeylogger
- Protocol: smtp
- Host: valleycountysar.org
- Port: 26
- Username: [email protected]
- Password: fY,FLoadtsiF
- http://103.130.147.85
Targets
- Target: Vessel Information.exe
- Size: 491KB
- MD5: 074900bf90c8e83bfd5f79479f91ed1f
- SHA1: 9001cb1924963b0a35db3d78d50faa3cb54bca5b
- SHA256: c3f8b456725a6e744d7d59b5456b99c988b8b5565a18bf5f25b36a78bbed060e
- SHA512: a9b2a8ae609174edaf49f17664514acd04dbe10f2b75af2d1a5c181e5d6cb126ecac21bc82b06721df53a99502c48e0829e737558423b89db8f0a30e87dd962b
- SSDEEP: 12288:ttMyF3ltmeOVahfG3+CSQ9vkk93YmSWWsGf:XM6ltmOa+CSQCk93XWsq

Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext