Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Swift_Payment_Copy.s͏x͏l͏x͏.exe
-
Size
2.2MB
-
Sample
240809-h46vcaxgjm
-
MD5
5bf9c004691c7497b5e94f131ae0b40f
-
SHA1
21b9a8c455fdab04bd71c0a26e5877cfe8ddb999
-
SHA256
67285edd0d6730914d31dc4a0ffa9e7f43587a9051186beffd242b9a0621f0cf
-
SHA512
963797faf17c4078c80893640f7dc12123bdc51ebad78171e23c7f6b2599c06f361baf3dca55126d1e2fab44422c383fb3a08fcad750c5a7d766b069a6509f5d
-
SSDEEP
49152:5WiP0wV0hJ5VGx6ODJ1+qEtWX33oG1Sdhopo:dVUcBabPmo
Static task
static1
Behavioral task
behavioral1
Sample
Swift_Payment_Copy.s͏x͏l͏x͏.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
Swift_Payment_Copy.s͏x͏l͏x͏.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7326718143:AAHCoPbdl01YWgtL8Z76U43CTNQwWuaC5Lk/sendMessage?chat_id=7121607304
Targets
-
-
Target
Swift_Payment_Copy.s͏x͏l͏x͏.exe
-
Size
2.2MB
-
MD5
5bf9c004691c7497b5e94f131ae0b40f
-
SHA1
21b9a8c455fdab04bd71c0a26e5877cfe8ddb999
-
SHA256
67285edd0d6730914d31dc4a0ffa9e7f43587a9051186beffd242b9a0621f0cf
-
SHA512
963797faf17c4078c80893640f7dc12123bdc51ebad78171e23c7f6b2599c06f361baf3dca55126d1e2fab44422c383fb3a08fcad750c5a7d766b069a6509f5d
-
SSDEEP
49152:5WiP0wV0hJ5VGx6ODJ1+qEtWX33oG1Sdhopo:dVUcBabPmo
Score10/10-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-