General
-
Target
a8cbed164ea439d5fea8324de4c0bace2cffd671d845bf301730ab99b57afb81.ace
-
Size
750KB
-
Sample
240822-j6gtnszeln
-
MD5
64f7032c5d17b6757bc1e3b688c10209
-
SHA1
457221e5c56a3e23db645c0158cd59e1e8cc9937
-
SHA256
a8cbed164ea439d5fea8324de4c0bace2cffd671d845bf301730ab99b57afb81
-
SHA512
7bba58515bead402d8c2520ddd17bc8e19f45c49e08c64701595e6e6517bb96364af94c41e5db7357adf0b97fd64cfdae0bdc7a6c0bd9dad0b9593e373b4b909
-
SSDEEP
12288:hZmlJzEhl413zvuPMSpyuR8LNf2G3FlxTBWbKifdCqth4BwHUHsMtxZPdkcFb2JQ:7mnoA1zvu0Sp9RqYG3xTQCuhYcUHpZPn
Static task
static1
Behavioral task
behavioral1
Sample
SC_TR116709004.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
SC_TR116709004.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: mail.afaqtowaiq.com
Port: 587
Username: [email protected]
Password: Aa77882009@
Email To: [email protected]
Targets
-
-
Target
SC_TR116709004.exe
-
Size
858KB
-
MD5
955ef5d0b9b9dca9ee8f7c7b31e3ffc8
-
SHA1
a34198c2c2f45aeb6b328ad0b3eabfed31567659
-
SHA256
8a2bb551ab8c8dda94f89421cb885546f6507ec2ffd24084376a2b4992378d59
-
SHA512
0c1dc44214efc6ea558b3421750b5e3c79b40b72bd65e9353ed7d3067451903721c180d997282428570412f9e35956faf28ea7a30e923c8a1c0bc95a74972938
-
SSDEEP
12288:yCQuNPaRtCQjl6dJuL/1470hhoxCaqShlOPn0aZwyT86QySfz10YsXOB:1NDsYdJuL/i70h+Caqi8Zkjyyz1sOB
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, the web browser credential store.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-