General

  • Target

    25012025_0231_23012025_DETAYLAR.r00

  • Size

    585KB

  • Sample

    250125-czt24asmgm

  • MD5

    c1e210fed77e4ac01e427c238102dba5

  • SHA1

    7c2f1e997e7b292d86422e65b7dce70b9222164b

  • SHA256

    5f6f6e5a9d8b8e79cbe0992b097472a40e3c47c7a131c18c39c2773dcb7f0fc3

  • SHA512

    d7550eb819820d477e89117abc6b75d0252a728e11a642f03ebe8c0549f0d61a487d927650ac52eae9bcd1f6d7f66edb4bc8688f2a581549f83ec48b03e2ed1a

  • SSDEEP

    12288:R0WlcwrmMU4CFhfVMdvLj529cy4eN3DOf5ILt8wu:BG0U5fVUzjWvuILtZu

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot8061096285:AAEYYo-FdY3VzqcT3L8EdN5KV_wk8MmCyiw/sendMessage?chat_id=6557702940
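
The extracted C2 above is a Telegram Bot API endpoint: the path carries the bot token (`<numeric bot id>:<secret>`) and the query string carries the destination `chat_id`. Both survive repacking of the binary, so they are the IOCs worth pulling out of a config or a proxy log. The script below is an added example, not tria.ge's own code or part of the sample: it parses such URLs into IOC fields, distinguishes exfiltration methods from bot housekeeping calls, and runs over a few constructed proxy log lines (the log format, the client addresses and the helper names are assumptions; the one real URL is the C2 from this report).

```python
"""Extract Telegram Bot API C2 indicators from URLs and proxy logs.

Added example for this report; not tria.ge code. The log format
'<timestamp> <client_ip> <http_method> <url> <status>' is an assumption.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Path shape is /bot<bot_id>:<secret>/<apiMethod>. Observed secrets are 35
# URL-safe characters; a lower bound keeps the match strict without being brittle.
TELEGRAM_BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{20,})/(?P<method>[A-Za-z]+)$"
)

# Methods a stealer uses to push data out; getMe/getUpdates are bot housekeeping.
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}


def parse_telegram_c2(url: str):
    """Return IOC fields for a Telegram Bot API URL, or None if url is not one."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname != "api.telegram.org":
        return None
    m = TELEGRAM_BOT_PATH.match(parts.path)
    if not m:
        return None
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {
        "bot_id": m["bot_id"],
        "bot_token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
        "chat_id": chat_id,
        "is_exfil": m["method"] in EXFIL_METHODS,
    }


def defang_token(token: str) -> str:
    """Keep the bot id and the first/last 4 secret chars so the IOC can be
    shared without handing out a usable token."""
    bot_id, secret = token.split(":", 1)
    return f"{bot_id}:{secret[:4]}...{secret[-4:]}"


def scan_proxy_log(lines):
    """Return (client_ip, ioc) for every exfiltration call to a Telegram bot."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line; assumed 5-field format
        ioc = parse_telegram_c2(fields[3])
        if ioc and ioc["is_exfil"]:
            hits.append((fields[1], ioc))
    return hits


# Constructed log lines. Only the second URL is real (the C2 from this report);
# the first is a housekeeping call that should not be flagged, the third is noise.
SAMPLE_LOG = [
    "2025-01-25T02:31:04Z 10.0.0.12 GET https://api.telegram.org/bot8061096285:AAEYYo-FdY3VzqcT3L8EdN5KV_wk8MmCyiw/getMe 200",
    "2025-01-25T02:31:09Z 10.0.0.12 POST https://api.telegram.org/bot8061096285:AAEYYo-FdY3VzqcT3L8EdN5KV_wk8MmCyiw/sendMessage?chat_id=6557702940 200",
    "2025-01-25T02:31:11Z 10.0.0.7 GET https://checkip.example.invalid/ 200",
]

if __name__ == "__main__":
    for client, ioc in scan_proxy_log(SAMPLE_LOG):
        print(client, ioc["method"], "chat_id=" + str(ioc["chat_id"]),
              "token=" + defang_token(ioc["bot_token"]))
```

Matching on `api.telegram.org` plus the `/bot<id>:<secret>/` path shape avoids flagging ordinary Telegram client traffic, and the `chat_id` is the pivot for clustering samples from the same operator: the token can be rotated, but the receiving chat usually stays.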

Targets

    • Target

      DETAYLAR.exe

    • Size

      937KB

    • MD5

      e6b56e94b3f34e54f67fcda4fd5b9840

    • SHA1

      c7e1b2a8bca28b118c62a756953454c4603ac81a

    • SHA256

      a00d51621c4254d7e20b8afe9288757bd53d984b9afe143e45f5a18f6f5c636d

    • SHA512

      5b4ffdd7757da93037b34164b3e6a38baf1fbbf78e9832408b75c9d14256b16a39925a24991af9a6966071cbbc28045f97664db9189e4a91d777f67890a47a57

    • SSDEEP

      24576:uRmJkcoQricOIQxiZY1iaCRZ9o1lrrukJ3sySo1emahSjh:7JZoQrbTFZY1iaCf4rrukeLcemUSjh

    • Snake Keylogger

      A keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on another process's thread is a common step in process hollowing and other code-injection techniques.

MITRE ATT&CK Enterprise v15

Tasks