Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Dtausgiejup.exe
-
Size
38KB
-
Sample
230712-qp3s5sed4x
-
MD5
cdb4c0de3134e1d979a9f34b458d055f
-
SHA1
9a793a1a495459bc7302d6dc7dfb885ad850fe1e
-
SHA256
d8b4e8db1b7868e011d7cb64b5035a2b47d96998a1e932d9ad459167fefda416
-
SHA512
cae5fe494619d43f58f73964454fc60cabcc8a4fef244ccdaab1f89d9c31ffc779c8cbee070da9fd1e928cd46a3bdbb30ebf47ddec4bcb23ba9b5fb66aa0c849
-
SSDEEP
768:LtTLpAIBOyrL+FsLhI/7liL50XqVkvNsCw053vXwYYft:LtB8sL24LeXjvNfnwYc
Static task
static1
Behavioral task
behavioral1
Sample
Dtausgiejup.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
Dtausgiejup.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6307849414:AAGmDbHsZCN3tscyYeUw89m9JtBbXMioogc/sendMessage?chat_id=5582419717
Targets
-
-
Target
Dtausgiejup.exe
-
Size
38KB
-
MD5
cdb4c0de3134e1d979a9f34b458d055f
-
SHA1
9a793a1a495459bc7302d6dc7dfb885ad850fe1e
-
SHA256
d8b4e8db1b7868e011d7cb64b5035a2b47d96998a1e932d9ad459167fefda416
-
SHA512
cae5fe494619d43f58f73964454fc60cabcc8a4fef244ccdaab1f89d9c31ffc779c8cbee070da9fd1e928cd46a3bdbb30ebf47ddec4bcb23ba9b5fb66aa0c849
-
SSDEEP
768:LtTLpAIBOyrL+FsLhI/7liL50XqVkvNsCw053vXwYYft:LtB8sL24LeXjvNfnwYc
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-