General

  • Target

    Dtausgiejup.exe

  • Size

    38KB

  • Sample

    230712-qp3s5sed4x

  • MD5

    cdb4c0de3134e1d979a9f34b458d055f

  • SHA1

    9a793a1a495459bc7302d6dc7dfb885ad850fe1e

  • SHA256

    d8b4e8db1b7868e011d7cb64b5035a2b47d96998a1e932d9ad459167fefda416

  • SHA512

    cae5fe494619d43f58f73964454fc60cabcc8a4fef244ccdaab1f89d9c31ffc779c8cbee070da9fd1e928cd46a3bdbb30ebf47ddec4bcb23ba9b5fb66aa0c849

  • SSDEEP

    768:LtTLpAIBOyrL+FsLhI/7liL50XqVkvNsCw053vXwYYft:LtB8sL24LeXjvNfnwYc

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6307849414:AAGmDbHsZCN3tscyYeUw89m9JtBbXMioogc/sendMessage?chat_id=5582419717
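
The C2 above is a Telegram Bot API endpoint, so the actionable IOCs are the bot token (the `6307849414:AAGm...` part of the path) and the `chat_id`, not the api.telegram.org host, which is legitimate and usually cannot be blocked. As an added example that is not part of the tria.ge report, the Python below parses the extracted URL into those fields and runs the same matcher over a few constructed proxy-log lines (not real traffic; the IP-lookup host in them is a placeholder, since the report does not name the service):

```python
"""Added example, not part of the tria.ge report: turn the extracted
Telegram Bot API C2 into hunting IOCs and match it in log lines."""
import re
from urllib.parse import parse_qs, urlsplit

# Bot API URLs embed the credential: /bot<bot_id>:<secret>/<method>.
# The secret is 35 chars in practice; a range keeps the matcher tolerant.
TELEGRAM_BOT_API_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):"
    r"(?P<secret>[A-Za-z0-9_-]{30,50})/(?P<method>\w+)"
)

# C2 as extracted by the sandbox (copied from the report above).
C2 = ("https://api.telegram.org/bot6307849414:AAGmDbHsZCN3tscyYeUw89m9JtBbXMioogc"
      "/sendMessage?chat_id=5582419717")


def parse_telegram_c2(url):
    """Return bot_id, full token, API method and chat_id from a Bot API URL,
    or None if the URL is not a Bot API call (other hosts, web.telegram.org)."""
    m = TELEGRAM_BOT_API_RE.search(url)
    if m is None:
        return None
    query = parse_qs(urlsplit(url).query)
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
        "chat_id": query.get("chat_id", [None])[0],
    }


# Constructed proxy log lines for illustration (not real traffic):
# "<timestamp> <source IP> <process> <URL>". The IP-lookup host is a placeholder.
PROXY_LOG = """\
2023-07-12T10:01:03Z 10.0.0.15 chrome.exe https://www.example.org/
2023-07-12T10:01:09Z 10.0.0.15 Dtausgiejup.exe http://ip-lookup.example.net/
2023-07-12T10:01:10Z 10.0.0.15 Dtausgiejup.exe https://api.telegram.org/bot6307849414:AAGmDbHsZCN3tscyYeUw89m9JtBbXMioogc/sendMessage?chat_id=5582419717
2023-07-12T10:02:44Z 10.0.0.22 msedge.exe https://web.telegram.org/a/
"""


def hunt_telegram_exfil(log_text, known_token=None):
    """Flag every Telegram Bot API call in the log. The /bot<token>/ API is
    used by bots, not by the official Telegram clients, so any hit from a
    user workstation deserves a look; a token match ties it to this sample."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split(maxsplit=3)
        if len(fields) < 4:
            continue
        ts, src, process, url = fields
        cfg = parse_telegram_c2(url)
        if cfg is None:
            continue
        hits.append({
            "time": ts, "src": src, "process": process,
            "token": cfg["token"], "chat_id": cfg["chat_id"],
            "known_c2": known_token is not None and cfg["token"] == known_token,
        })
    return hits


if __name__ == "__main__":
    ioc = parse_telegram_c2(C2)
    print("token:", ioc["token"], "chat_id:", ioc["chat_id"])
    for hit in hunt_telegram_exfil(PROXY_LOG, known_token=ioc["token"]):
        print(hit)
```

Matching on the token and chat_id is far more precise than matching on the host: the same detection keeps working when the operator rotates the bot but reuses the chat, and a hit on a token that is not this sample's still tells you some process on that host is talking to a Telegram bot.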

Targets

    • Target

      Dtausgiejup.exe

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

      The sample carries the Snake Keylogger payload; the Telegram C2 above was extracted from it.

    • Accesses Microsoft Outlook profiles

      Reads Outlook profile data from the registry, where mail account settings and stored credentials live.

    • Adds Run key to start application

      Persistence: a value under a Run registry key relaunches the payload at every logon.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP. The request itself looks like benign traffic, so this is weak evidence on its own.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a suspended thread in another process is the classic step of process hollowing / code injection, so the payload may execute inside a separate, legitimate-looking process rather than in Dtausgiejup.exe itself.
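
The Run-key signature above is one a responder can confirm on a suspected host without the sandbox. As an added example that is not part of the tria.ge report, the Python below triages a `reg export` of the user's Run key and flags entries launched from user-writable directories, which is where a dropped keylogger normally persists from. The .reg text, the `Dtausgiejup` value name and the AppData\Roaming path are constructed assumptions, not values observed for this sample:

```python
"""Added example, not part of the tria.ge report: triage a 'reg export' of a
Run key for persistence entries launched from user-writable directories."""
import re
from collections import namedtuple

RunEntry = namedtuple("RunEntry", "key name path reason")

# Locations a standard user can write to. A Run value pointing here is not
# proof of malware (per-user installs live here too) but is what to look at first.
USER_WRITABLE_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\appdata\\local\\",
    "\\users\\public\\",
    "\\programdata\\",
    "\\windows\\temp\\",
)

SECTION_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"\s*$')

# Constructed .reg export for illustration; the Dtausgiejup value name and
# AppData\Roaming path are assumptions, not data from the sandbox run.
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Dtausgiejup"="\"C:\\Users\\victim\\AppData\\Roaming\\Dtausgiejup.exe\""
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
'''


def unescape_reg_string(s):
    # In .reg syntax a backslash is doubled and a double quote is backslash-escaped.
    return s.replace('\\"', '"').replace("\\\\", "\\")


def executable_path(command):
    """Return the program part of a Run value: the quoted path, or the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def triage_run_keys(reg_text):
    """Parse every value under a Run or RunOnce key. reason is None for
    entries in system/program locations, else the user-writable directory hit."""
    entries, key = [], None
    for line in reg_text.splitlines():
        section = SECTION_RE.match(line)
        if section:
            key = section["key"]
            continue
        value = VALUE_RE.match(line)
        if not value or key is None:
            continue
        if not key.lower().endswith(("\\run", "\\runonce")):
            continue
        path = executable_path(unescape_reg_string(value["data"]))
        lowered = path.lower()
        reason = next((d for d in USER_WRITABLE_DIRS if d in lowered), None)
        entries.append(RunEntry(key, value["name"], path, reason))
    return entries


def suspicious_entries(reg_text):
    """Only the entries worth a human look, in export order."""
    return [e for e in triage_run_keys(reg_text) if e.reason is not None]


if __name__ == "__main__":
    for entry in triage_run_keys(REG_EXPORT):
        flag = "REVIEW" if entry.reason else "ok    "
        print(flag, entry.name, "->", entry.path)
```

The constructed export deliberately includes OneDrive, which legitimately runs from AppData\Local: the location check ranks entries for review rather than giving a verdict, and the next step for each flagged path is the hash comparison against the values in the General section above and a look at the file's signature.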

MITRE ATT&CK Enterprise v6

Tasks