General
-
Target
25012025_0231_23012025_DETAYLAR.r00
-
Size
585KB
-
Sample
250125-czt24asmgm
-
MD5
c1e210fed77e4ac01e427c238102dba5
-
SHA1
7c2f1e997e7b292d86422e65b7dce70b9222164b
-
SHA256
5f6f6e5a9d8b8e79cbe0992b097472a40e3c47c7a131c18c39c2773dcb7f0fc3
-
SHA512
d7550eb819820d477e89117abc6b75d0252a728e11a642f03ebe8c0549f0d61a487d927650ac52eae9bcd1f6d7f66edb4bc8688f2a581549f83ec48b03e2ed1a
-
SSDEEP
12288:R0WlcwrmMU4CFhfVMdvLj529cy4eN3DOf5ILt8wu:BG0U5fVUzjWvuILtZu
Static task
static1
Behavioral task
behavioral1
Sample
DETAYLAR.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
DETAYLAR.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot8061096285:AAEYYo-FdY3VzqcT3L8EdN5KV_wk8MmCyiw/sendMessage?chat_id=6557702940
Targets
-
Target
DETAYLAR.exe
-
Size
937KB
-
MD5
e6b56e94b3f34e54f67fcda4fd5b9840
-
SHA1
c7e1b2a8bca28b118c62a756953454c4603ac81a
-
SHA256
a00d51621c4254d7e20b8afe9288757bd53d984b9afe143e45f5a18f6f5c636d
-
SHA512
5b4ffdd7757da93037b34164b3e6a38baf1fbbf78e9832408b75c9d14256b16a39925a24991af9a6966071cbbc28045f97664db9189e4a91d777f67890a47a57
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaCRZ9o1lrrukJ3sySo1emahSjh:7JZoQrbTFZY1iaCf4rrukeLcemUSjh
-
Snake Keylogger payload
-
Snakekeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext