Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
bb64f5d78d45a7994988a5aea5c5fd06aa9be2106d38be875e3e7041d58a994aN
-
Size
1.1MB
-
Sample
240916-z22ahszeqe
-
MD5
d19e57cc9fadabb7d0b4d5f29afaab80
-
SHA1
f0678c2796dbf40a30fcc4e9d2455641bd83866d
-
SHA256
bb64f5d78d45a7994988a5aea5c5fd06aa9be2106d38be875e3e7041d58a994a
-
SHA512
3f91e041a19d0316296244e58f04108cca4357e3b28785425fa24b3b9d5ce3b2ab26c2445c20b9719d9acd7920481c2a19597897fd6a69894f5cac58526b8c7a
-
SSDEEP
24576:sqDEvCTbMWu7rQYlBQcBiT6rprG8a+gLAAB8CeF:sTvC/MTQYxsWR7a+gLAAte
Static task
static1
Behavioral task
behavioral1
Sample
bb64f5d78d45a7994988a5aea5c5fd06aa9be2106d38be875e3e7041d58a994aN.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
bb64f5d78d45a7994988a5aea5c5fd06aa9be2106d38be875e3e7041d58a994aN.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7505197168:AAH44rUOfgM2A0VfpI637HSQjCH00DQZX48/sendMessage?chat_id=875935923
Targets
-
-
Target
bb64f5d78d45a7994988a5aea5c5fd06aa9be2106d38be875e3e7041d58a994aN
-
Size
1.1MB
-
MD5
d19e57cc9fadabb7d0b4d5f29afaab80
-
SHA1
f0678c2796dbf40a30fcc4e9d2455641bd83866d
-
SHA256
bb64f5d78d45a7994988a5aea5c5fd06aa9be2106d38be875e3e7041d58a994a
-
SHA512
3f91e041a19d0316296244e58f04108cca4357e3b28785425fa24b3b9d5ce3b2ab26c2445c20b9719d9acd7920481c2a19597897fd6a69894f5cac58526b8c7a
-
SSDEEP
24576:sqDEvCTbMWu7rQYlBQcBiT6rprG8a+gLAAB8CeF:sTvC/MTQYxsWR7a+gLAAte
-
Snake Keylogger payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-