General

  • Target

    2.exe

  • Size

    92KB

  • Sample

    240821-lx3qwssapa

  • MD5

    252ea5ee65a29abdc7bd0143f48aeba0

  • SHA1

    16d2e6ec8a3e851adf1c7d6f6150b4d8aa002b85

  • SHA256

    cb0ce49811fc7dfa01b165bb3c7721c6f2e4148951e136e4ce3cfea6e877ff4d

  • SHA512

    3fa8586a53d8f042a5c46d019050bfe7e0143d08b95aba290caeddd61e91f6eacd523ff2371ed3199286893acb3f6e8d624e9afef9e757b536eb450b685b82ef

  • SSDEEP

    768:QZRe2ORdHV9tncGm4Z9MShLxbQFQhlJHTR91Ne8fuxyziKEUYdbVUGGTlB:QvodH9n/bMSh5JlZTV0fNKE/eGGRB

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks