General
- Target: 18012025_0130_17012025_MV ANNA SCHULTE.zip
- Size: 300KB
- Sample: 250118-bw1vssypdx
- MD5: 2be7a202172a6d7c36d2358d06b081e4
- SHA1: d9ac82890c8a8af56cf87b518edd5e2e507ec320
- SHA256: 4ad6dffce24c1fb1cfcb905454a685048417188cf2b9abdbebe0f5c56d8594af
- SHA512: d1f90ff36ffba3c20b98b00845d0b6ce481ce4eca86aef1fd093bb0c22b0e67605e0ecd889fa4d826c30ce3b739e9de78e71259451c8dc6f833c5a49c2e5d65e
- SSDEEP: 6144:fwoWZlwBGjgGzLMMLp66KI5DLTtgwe9O487ZvgYsE:fwLZuGjhzLQ6KATtbe9OVvZz
Static task: static1
Behavioral task: behavioral1
- Sample: MV ANNA SCHULTE.exe
- Resource: win7-20241010-en
Behavioral task: behavioral2
- Sample: MV ANNA SCHULTE.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: webmail.active.by
- Port: 25
- Username: [email protected]
- Password: geecf683:m
- Email To: [email protected]
Targets
- Target: MV ANNA SCHULTE.exe
- Size: 577KB
- MD5: b9db6e64aefb803d0cfadba814ead25b
- SHA1: e96d221c5117d1c41320acce0070abd7d12ebb54
- SHA256: 08bd6da35f2dd636fed920f5b2fc4a66370e07f4ce83159fe2c47d20933087d9
- SHA512: e90176f7936103f7f9116de81824de760168aa21e91aacf6ad2527c8047d946c277d2eb492699de1e0b0a49d28719e987f78b89db360ff088b60bf9c98ecab3d
- SSDEEP: 12288:ZbRKjP7newedqROaZhn3PJH54prTtmPhxo3////rK///I/////+z5tLfSXPgX:DKjP7ewedbKh3BHWK6////G///I////e
- Snake Keylogger payload
- Snakekeylogger family
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext