Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b20add8b1ca2d673dcce96474e03d83b90c36f1fcf5f12e40c1b3ee18ee93f7a.exe
-
Size
793KB
-
Sample
240806-cnwrjswerr
-
MD5
9e8fd9c35d3b5d71def38d4b8fddd0ab
-
SHA1
4e5a0a7301f5ebce4f36b403802165d58bddf755
-
SHA256
b20add8b1ca2d673dcce96474e03d83b90c36f1fcf5f12e40c1b3ee18ee93f7a
-
SHA512
068b79801d6e02f6cdfcfe65df364b8d81a0cc061284be72036be91a41e2994bbcdb2f73f100c69fd0945136d0b562ea7a33d55826a6cc0cf2a2a4f3de341c91
-
SSDEEP
12288:CNta0s5YgbYSc6GLl19xnDmkSHmJEb+5cZe/e73XsZd:pL3cnHxnKkTJEVqa3XsZd
Static task
static1
Behavioral task
behavioral1
Sample
b20add8b1ca2d673dcce96474e03d83b90c36f1fcf5f12e40c1b3ee18ee93f7a.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
b20add8b1ca2d673dcce96474e03d83b90c36f1fcf5f12e40c1b3ee18ee93f7a.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6321055561:AAFBfch7gvJP9JYWkjm5t-zoz8g0dXedX9U/sendMessage?chat_id=7212496360
Targets
-
-
Target
b20add8b1ca2d673dcce96474e03d83b90c36f1fcf5f12e40c1b3ee18ee93f7a.exe
-
Size
793KB
-
MD5
9e8fd9c35d3b5d71def38d4b8fddd0ab
-
SHA1
4e5a0a7301f5ebce4f36b403802165d58bddf755
-
SHA256
b20add8b1ca2d673dcce96474e03d83b90c36f1fcf5f12e40c1b3ee18ee93f7a
-
SHA512
068b79801d6e02f6cdfcfe65df364b8d81a0cc061284be72036be91a41e2994bbcdb2f73f100c69fd0945136d0b562ea7a33d55826a6cc0cf2a2a4f3de341c91
-
SSDEEP
12288:CNta0s5YgbYSc6GLl19xnDmkSHmJEb+5cZe/e73XsZd:pL3cnHxnKkTJEVqa3XsZd
-
Snake Keylogger payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-