Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
c58de5f40be8fd760fc08b1ef7ae5a3f5771dbc214426156e3a21a89bb8303fc.exe
-
Size
775KB
-
Sample
240710-cqdzhs1cjk
-
MD5
0d0f944239a7dd07826e28edf9647185
-
SHA1
3911f09935fb37f9f6cc3ff990e12e6143282d8a
-
SHA256
c58de5f40be8fd760fc08b1ef7ae5a3f5771dbc214426156e3a21a89bb8303fc
-
SHA512
e5077fa3179d7082587d606b8c8c6b5c0d74794225394522d92a06295e962a1cdb9868ac415720e3908222cc6c55312d24868be8d8ec2e52ef81243080fe5b7e
-
SSDEEP
12288:7akAv7gfFvt8pjs0p1cvxM/r9RKGqHmIdD+c:+kiext2Y0QMz9RKHHF9D
Static task
static1
Behavioral task
behavioral1
Sample
c58de5f40be8fd760fc08b1ef7ae5a3f5771dbc214426156e3a21a89bb8303fc.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
c58de5f40be8fd760fc08b1ef7ae5a3f5771dbc214426156e3a21a89bb8303fc.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240705-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240709-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7377884885:AAGDE6_d9hXHQkXeQnXVnXZia5CIJu4gajM/sendMessage?chat_id=7161549085
Targets
-
-
Target
c58de5f40be8fd760fc08b1ef7ae5a3f5771dbc214426156e3a21a89bb8303fc.exe
-
Size
775KB
-
MD5
0d0f944239a7dd07826e28edf9647185
-
SHA1
3911f09935fb37f9f6cc3ff990e12e6143282d8a
-
SHA256
c58de5f40be8fd760fc08b1ef7ae5a3f5771dbc214426156e3a21a89bb8303fc
-
SHA512
e5077fa3179d7082587d606b8c8c6b5c0d74794225394522d92a06295e962a1cdb9868ac415720e3908222cc6c55312d24868be8d8ec2e52ef81243080fe5b7e
-
SSDEEP
12288:7akAv7gfFvt8pjs0p1cvxM/r9RKGqHmIdD+c:+kiext2Y0QMz9RKHHF9D
Score10/10-
Snake Keylogger payload
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
4d3b19a81bd51f8ce44b93643a4e3a99
-
SHA1
35f8b00e85577b014080df98bd2c378351d9b3e9
-
SHA256
fda0018ab182ac6025d2fc9a2efcce3745d1da21ce5141859f8286cf319a52ce
-
SHA512
b2ba9c961c0e1617f802990587a9000979ab5cc493ae2f8ca852eb43eeaf24916b0b29057dbff7d41a1797dfb2dce3db41990e8639b8f205771dbec3fd80f622
-
SSDEEP
192:BPtkumJX7zB22kGwfy0mtVgkCPOse1un:u702k5qpdseQn
Score3/10 -
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
6KB
-
MD5
3eb4cd50dcb9f5981f5408578cb7fb70
-
SHA1
13b38cc104ba6ee22dc4dfa6e480e36587f4bc71
-
SHA256
1c2f19e57dc72587aa00800a498c5f581b7d6761dc13b24bcf287ea7bd5ca2bf
-
SHA512
5a0c9d28df7a77e157046dce876282c48f434a441ee34e12b88f55be31be536eff676f580adbe4586da3f1519f94b5793ccbb3068b4b009eee286c0c5135d324
-
SSDEEP
96:+7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNv3e:QXhHR0aTQN4gRHdMqJVgNG
Score3/10 -