General
Target: 14d75bf0f922ed0de2b05334b3eedeb1f762347f198b0b36c3c56807cfe34e3d
Size: 580KB
Sample: 241013-j1px4awepf
MD5: 50a72bdb6e0977bf055acaab04f857c0
SHA1: a8968ae6909ff8e093bab35ebfebb629c767d016
SHA256: 14d75bf0f922ed0de2b05334b3eedeb1f762347f198b0b36c3c56807cfe34e3d
SHA512: 1f8a7a53c89cff4090699018ee412f41687306c8f6545fc3090b4dbddb81e39aacd080059239cd39afec5313f129794ebb8d2903e4f79d4e16b2b6d969e0d116
SSDEEP: 12288:004EpvXkzZIwNLllXQaw5I9ncDl5ixr+oqwByRPGGClvCfWN44:004waIKRQazncDlw+oXv+IV
Static task: static1
Behavioral task: behavioral1
Sample: Shipping Documents_pdf.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: Shipping Documents_pdf.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.al-subai.com
Port: 587
Username: [email protected]
Password: A_Sadek1962
Email To: [email protected]
Targets
Target: Shipping Documents_pdf.exe
Size: 1.1MB
MD5: d696ff10344001019fdba47183cc496c
SHA1: 2c2c34a60253de99e5b46e999877cd84ef9964f5
SHA256: edd9ba7dee624d71aca582cd72c90bb9cf739eb6e21f822368a5a5eb9e7d5bf6
SHA512: a7de62d8d78116751a0c43eac93c986d87d80c20c027a88881f51b1d305e8029f4cfba6be21e7b426785a5efd37ea401096a341461a8286edb3d006dbcb1cbf0
SSDEEP: 24576:PCdxte/80jYLT3U1jfsWa71UCbzeA6tiSS5Q:Ow80cTsjkWaBXOVd
Score: 10/10
Snake Keylogger payload
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext