General

  • Target

    Quotation.r00

  • Size

    491KB

  • Sample

    250319-rvy8ks1ns5

  • MD5

    de91c7ceb8ba00f562e2b51eca7774be

  • SHA1

    44c0f1dcc6afc27f1f72b06fdf9991a212036f30

  • SHA256

    60d069ae3889708f5f48fee114e39f57c5bb5d34ebcfcdc08a0fd0e9558a6196

  • SHA512

    ae352ba4dd721c82d268020a725e62db8bddb61b08f5f8fa63387f3bd1133a490fd585f7602acd093a602d00e2bac24848534dc19de0a72ffd0965e4535b9847

  • SSDEEP

    12288:NyVVH63KpdrjukO+Ax7kr+eiGd3XDFfsrwi0:I3HAO1O+k7Ejk2

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot8145417072:AAER8KhmgyPoJoyAtLOcMP4ioM6K7ubnhTE/sendMessage?chat_id=7282830258

Targets

    • Target

      FA031225.exe

    • Size

      975KB

    • MD5

      8662ea1b48530f3a33f452f9425b3da8

    • SHA1

      95686f637d76f66ebc45343a3513e7714058c737

    • SHA256

      0f7a6cf0d9068cc6ade0e209574e007435e63f67983f05548b07751f103ef322

    • SHA512

      149cc3ed3ea5beae5f2dd3acf3afdd18be3eec97ed6452d9d93a6fdd65fba54d536d7ff394c35c4431ccfbd981af4424897b685b4e806b1edba752f38560d193

    • SSDEEP

      24576:ru6J33O0c+JY5UZ+XC0kGso6FaQ8FHDCWY:Fu0c++OCvkGs9FaQ+FY

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks