
General

  • Target

    Uecqyndauhl.exe

  • Size

    837KB

  • Sample

    230829-n6v4hscd22

  • MD5

    7af8d321a3c0d9a27f7a9ab29ad5b16a

  • SHA1

    29e56ec4934fab9865fbd4d41698840fefd8b33d

  • SHA256

    8f0f73da0cf00759da7bdb027e9f33abfd04617d19ec3d574901b1eb36e21078

  • SHA512

    9f8b8f7be56ed8721c4a21f7fffc82b0f8a592f7b3871f55191a9355f6e8c838a8c6e7c61ef12ae4334445a3617250741ad24f42b276062bc368832eabad2a04

  • SSDEEP

    12288:b/y7FGqvrNujgr+w6u17Xh6uROvKDGSIlQVSjZfQg4lToURIUh9mJRJPZ6JvC7R6:ruGq0grx16uYvKslQERJ7PAqN7

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5651670986:AAHpwwN-ny7apM0yBwQlweVd-JZOihDUBEA/sendMessage?chat_id=5716598986
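The extracted C2 is a Telegram Bot API URL, and the bot token embedded in it is the credential the stealer uses to deliver captured data. The following is an added example (not code from the report or from tria.ge) showing how to decompose such a URL into the fields an analyst pivots on (bot id, token, method, chat_id), pull every such URL out of raw `strings` output, and derive hunting indicators from it. It goes slightly beyond this sample: the bot-id prefix survives token rotation, so it also catches rebuilt payloads that reuse the same bot, and the chat_id catches a different bot reporting to the same operator. Function names, the `TelegramC2` type and the trailing-junk handling are this example's own choices.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

# C2 URL exactly as reported in the extracted config above.
SAMPLE_C2 = (
    "https://api.telegram.org/bot5651670986:AAHpwwN-ny7apM0yBwQlweVd-JZOihDUBEA"
    "/sendMessage?chat_id=5716598986"
)

# Bot token shape used by the Telegram Bot API: "<numeric bot id>:<secret>".
_BOT_PATH_RE = re.compile(r"/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})")
# Loose matcher for pulling candidate URLs out of raw strings output; stops at
# whitespace, NUL and the quote/bracket characters that commonly follow a URL.
_URL_RE = re.compile(r"https?://api\.telegram\.org/bot[^\s\x00\"'<>]+", re.IGNORECASE)


@dataclass(frozen=True)
class TelegramC2:
    bot_id: str             # numeric part of the token; stable across token rotation
    token: str              # full bot token, i.e. the credential the malware embeds
    method: str             # Bot API method, e.g. "sendMessage" or "sendDocument"
    chat_id: Optional[str]  # destination chat the stolen data is sent to


def parse_telegram_c2(url: str) -> Optional[TelegramC2]:
    """Decompose a Telegram Bot API URL into the fields an analyst pivots on."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        return None
    # Exact host match: look-alike hosts are not Telegram and must not parse.
    if (parts.hostname or "").lower() != "api.telegram.org":
        return None
    m = _BOT_PATH_RE.match(parts.path)
    if not m:
        return None
    method = parts.path[m.end():].strip("/").split("/")[0]
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return TelegramC2(
        bot_id=m["bot_id"],
        token=f"{m['bot_id']}:{m['secret']}",
        method=method,
        chat_id=chat_id,
    )


def extract_telegram_c2(blob: str) -> List[TelegramC2]:
    """Find every distinct Telegram bot C2 URL in a text blob (e.g. `strings` output)."""
    found: List[TelegramC2] = []
    seen = set()
    for candidate in _URL_RE.findall(blob):
        # strings output often glues punctuation onto the end of a URL.
        candidate = candidate.rstrip("\"'),;>")
        c2 = parse_telegram_c2(candidate)
        if c2 and c2.token not in seen:
            seen.add(c2.token)
            found.append(c2)
    return found


def hunting_indicators(c2: TelegramC2) -> List[str]:
    """Substrings to search for across other samples or proxy logs."""
    out = [f"api.telegram.org/bot{c2.bot_id}:"]  # survives token rotation
    if c2.chat_id:
        out.append(f"chat_id={c2.chat_id}")     # same operator, different bot
    return out


if __name__ == "__main__":
    c2 = parse_telegram_c2(SAMPLE_C2)
    print(c2)
    print(hunting_indicators(c2))
```

The parser deliberately refuses look-alike hosts and URLs without a well-formed `bot<id>:<secret>` path, so it will not produce a half-parsed indicator from a decoy string. The token is live credential material: record it and report it, but do not call the API with it from analysis infrastructure.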

Targets

    • Target

      Uecqyndauhl.exe


    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Adds Run key to start application

      Writes an entry under the registry Run key so the application is started again at user logon.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Rewriting a thread's context is the step process-injection techniques such as process hollowing use to redirect a suspended thread to injected code.
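Three of the behaviours above (Run key persistence, the external IP lookup and the Telegram API contact) are visible in ordinary endpoint telemetry, so they can be correlated per process. The following is an added example (not part of the report, and not tria.ge's or Snake Keylogger's own code) that tags constructed Sysmon-style registry and DNS events and flags a process once it shows at least two of the behaviours. The event records, the list of IP-lookup hosts and the allow-list of legitimate Telegram clients are assumptions for illustration; the report names neither the lookup service used nor any event source.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Set

# Constructed Sysmon-style events (not from the report): one process showing all
# three behaviours, a legitimate Telegram client, and explorer.exe writing a
# benign Run key.
EVENTS = [
    {"pid": 4120, "image": r"C:\Users\victim\AppData\Roaming\Uecqyndauhl.exe",
     "type": "registry_set",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Uecqyndauhl"},
    {"pid": 4120, "image": r"C:\Users\victim\AppData\Roaming\Uecqyndauhl.exe",
     "type": "dns_query", "target": "checkip.dyndns.org"},
    {"pid": 4120, "image": r"C:\Users\victim\AppData\Roaming\Uecqyndauhl.exe",
     "type": "dns_query", "target": "api.telegram.org"},
    {"pid": 880, "image": r"C:\Program Files\Telegram Desktop\Telegram.exe",
     "type": "dns_query", "target": "api.telegram.org"},
    {"pid": 2204, "image": r"C:\Windows\explorer.exe",
     "type": "registry_set",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"},
]

# Autostart locations, matched as substrings of the lower-cased key path so the
# HKCU, HKLM and HKEY_USERS\<SID> spellings all hit.
RUN_KEY_FRAGMENTS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)
# Assumed list of public IP-lookup services; extend from your own telemetry.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ip-api.com"}
TELEGRAM_HOSTS = {"api.telegram.org"}
# Assumed allow-list: processes for which Telegram API traffic alone is expected.
TELEGRAM_ALLOWED_IMAGES = {r"c:\program files\telegram desktop\telegram.exe"}


def classify(event: Dict) -> Set[str]:
    """Map one event to the behaviour tags it evidences (possibly none)."""
    tags: Set[str] = set()
    target = event["target"].lower()
    if event["type"] == "registry_set" and any(f in target for f in RUN_KEY_FRAGMENTS):
        tags.add("run_key_persistence")
    if event["type"] == "dns_query":
        if target in IP_LOOKUP_HOSTS:
            tags.add("external_ip_lookup")
        if target in TELEGRAM_HOSTS and event["image"].lower() not in TELEGRAM_ALLOWED_IMAGES:
            tags.add("telegram_bot_api_contact")
    return tags


def find_suspects(events: Iterable[Dict], min_behaviours: int = 2) -> Dict[int, List[str]]:
    """Return {pid: sorted tags} for processes showing at least min_behaviours tags."""
    per_pid: Dict[int, Set[str]] = defaultdict(set)
    for e in events:
        per_pid[e["pid"]] |= classify(e)
    return {pid: sorted(tags) for pid, tags in per_pid.items() if len(tags) >= min_behaviours}


if __name__ == "__main__":
    for pid, tags in find_suspects(EVENTS).items():
        print(pid, tags)
```

Each behaviour on its own is common in benign software (installers write Run keys, many updaters look up the external IP, Telegram clients talk to api.telegram.org), which is why the rule requires the combination within one process rather than alerting on any single tag.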
