General

  • Target

    VexImageLoggerv3.exe

  • Size

    65.3MB

  • Sample

    231111-rfk3eagd4s

  • MD5

    082961acc588d9b93aa3605dff5ab2e2

  • SHA1

    845a44ed6465478270474e1bde9d9296f61eef8a

  • SHA256

    fc1d56e2f7aa75b70970b72a849bd458bfdd08d230a8ae13c474a9af01865289

  • SHA512

    0d0a3201b89ffba89fb9bd006bbbd7f1e74dd073413c8867e989df61492a9b18e407c824091e1a3005bcdf155811a61bb9a4da63cc1b92c755aafdb5117ad01f

  • SSDEEP

    1572864:j4/4rzOchPByxdFmalhN1LOv4Rkb6n7IFWEOUuqPf7JzDZK7:ckqcdBsdFmyhrRkmn7IFqDqPTXK7

Score
8/10

Targets

    • Disables Task Manager via registry modification

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
