Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
052014ca9e8c3bb9f56c5b5fc0684b3e9b4109cd51b20bfaeffb25d5a5f038ae
-
Size
6KB
-
Sample
240927-lvqcsazamf
-
MD5
d5fa21dbb9ba07ad7bcc0573b444523d
-
SHA1
a5033454df4e3d451c9ea23583267ddd5e7e84cc
-
SHA256
052014ca9e8c3bb9f56c5b5fc0684b3e9b4109cd51b20bfaeffb25d5a5f038ae
-
SHA512
d6409f0b3675cd4b407887ef148e7eb5baf5f3308366e59eb99e07089217b36281f99f039788224bcfb42806a8a59170877be6f940a50e5a71a3c8d7cba547ce
-
SSDEEP
96:3m0sGpi1tzJt68ZJuRV3ZIXz0R5QCjztWsElE1AvzNt:Ipta4ARV3Zs0fFjpWscEu5
Static task
static1
Behavioral task
behavioral1
Sample
052014ca9e8c3bb9f56c5b5fc0684b3e9b4109cd51b20bfaeffb25d5a5f038ae.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
052014ca9e8c3bb9f56c5b5fc0684b3e9b4109cd51b20bfaeffb25d5a5f038ae.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7212079649:AAHIRpk50BTgHwViJlADd3K83LBtWap8NNE/sendMessage?chat_id=6008123474
Targets
-
-
Target
052014ca9e8c3bb9f56c5b5fc0684b3e9b4109cd51b20bfaeffb25d5a5f038ae
-
Size
6KB
-
MD5
d5fa21dbb9ba07ad7bcc0573b444523d
-
SHA1
a5033454df4e3d451c9ea23583267ddd5e7e84cc
-
SHA256
052014ca9e8c3bb9f56c5b5fc0684b3e9b4109cd51b20bfaeffb25d5a5f038ae
-
SHA512
d6409f0b3675cd4b407887ef148e7eb5baf5f3308366e59eb99e07089217b36281f99f039788224bcfb42806a8a59170877be6f940a50e5a71a3c8d7cba547ce
-
SSDEEP
96:3m0sGpi1tzJt68ZJuRV3ZIXz0R5QCjztWsElE1AvzNt:Ipta4ARV3Zs0fFjpWscEu5
-
Snake Keylogger payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-