General
Target: Uecqyndauhl.exe
Size: 837KB
Sample: 230829-n6v4hscd22
MD5: 7af8d321a3c0d9a27f7a9ab29ad5b16a
SHA1: 29e56ec4934fab9865fbd4d41698840fefd8b33d
SHA256: 8f0f73da0cf00759da7bdb027e9f33abfd04617d19ec3d574901b1eb36e21078
SHA512: 9f8b8f7be56ed8721c4a21f7fffc82b0f8a592f7b3871f55191a9355f6e8c838a8c6e7c61ef12ae4334445a3617250741ad24f42b276062bc368832eabad2a04
SSDEEP: 12288:b/y7FGqvrNujgr+w6u17Xh6uROvKDGSIlQVSjZfQg4lToURIUh9mJRJPZ6JvC7R6:ruGq0grx16uYvKslQERJ7PAqN7
Static task: static1
Behavioral task: behavioral1 (Sample: Uecqyndauhl.exe, Resource: win7-20230712-en)
Behavioral task: behavioral2 (Sample: Uecqyndauhl.exe, Resource: win10v2004-20230703-en)
Malware Config
Extracted: snakekeylogger
https://api.telegram.org/bot5651670986:AAHpwwN-ny7apM0yBwQlweVd-JZOihDUBEA/sendMessage?chat_id=5716598986
Targets
Target: Uecqyndauhl.exe
Score: 10/10
- Snake Keylogger payload
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext