Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
6779c558aa40040574565f2eb2e129185377c8b05a8e567650f5d5fa12562dea.exe
-
Size
1009KB
-
Sample
240912-hxrf3sxdme
-
MD5
e687ec1ae50d62b2c1aca5c1840ee194
-
SHA1
b873989a1ed588cfdaa59baaf3437ba04a0f9c46
-
SHA256
6779c558aa40040574565f2eb2e129185377c8b05a8e567650f5d5fa12562dea
-
SHA512
0d922da1588d25c11f57dc181848f947fbf746f1f39b1d7c61d362e0f9d99221a3ab682ef08d71879eed99b16a300592fd022874a100d5db658b9b6d71d9b3b5
-
SSDEEP
24576:O4lavt0LkLL9IMixoEgeaivwKRV2YkHSFq9MmCS:5kwkn9IMHeaivtRkOaPCS
Static task
static1
Behavioral task
behavioral1
Sample
6779c558aa40040574565f2eb2e129185377c8b05a8e567650f5d5fa12562dea.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
6779c558aa40040574565f2eb2e129185377c8b05a8e567650f5d5fa12562dea.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7103143262:AAG465MUhsk82xbAoiKNfXs-PGi4dmGgzyE/sendMessage?chat_id=7337843299
Targets
-
-
Target
6779c558aa40040574565f2eb2e129185377c8b05a8e567650f5d5fa12562dea.exe
-
Size
1009KB
-
MD5
e687ec1ae50d62b2c1aca5c1840ee194
-
SHA1
b873989a1ed588cfdaa59baaf3437ba04a0f9c46
-
SHA256
6779c558aa40040574565f2eb2e129185377c8b05a8e567650f5d5fa12562dea
-
SHA512
0d922da1588d25c11f57dc181848f947fbf746f1f39b1d7c61d362e0f9d99221a3ab682ef08d71879eed99b16a300592fd022874a100d5db658b9b6d71d9b3b5
-
SSDEEP
24576:O4lavt0LkLL9IMixoEgeaivwKRV2YkHSFq9MmCS:5kwkn9IMHeaivtRkOaPCS
-
Snake Keylogger payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-