General

  • Target

    a8cbed164ea439d5fea8324de4c0bace2cffd671d845bf301730ab99b57afb81.ace

  • Size

    750KB

  • Sample

    240822-j6gtnszeln

  • MD5

    64f7032c5d17b6757bc1e3b688c10209

  • SHA1

    457221e5c56a3e23db645c0158cd59e1e8cc9937

  • SHA256

    a8cbed164ea439d5fea8324de4c0bace2cffd671d845bf301730ab99b57afb81

  • SHA512

    7bba58515bead402d8c2520ddd17bc8e19f45c49e08c64701595e6e6517bb96364af94c41e5db7357adf0b97fd64cfdae0bdc7a6c0bd9dad0b9593e373b4b909

  • SSDEEP

    12288:hZmlJzEhl413zvuPMSpyuR8LNf2G3FlxTBWbKifdCqth4BwHUHsMtxZPdkcFb2JQ:7mnoA1zvu0Sp9RqYG3xTQCuhYcUHpZPn

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      SC_TR116709004.exe

    • Size

      858KB

    • MD5

      955ef5d0b9b9dca9ee8f7c7b31e3ffc8

    • SHA1

      a34198c2c2f45aeb6b328ad0b3eabfed31567659

    • SHA256

      8a2bb551ab8c8dda94f89421cb885546f6507ec2ffd24084376a2b4992378d59

    • SHA512

      0c1dc44214efc6ea558b3421750b5e3c79b40b72bd65e9353ed7d3067451903721c180d997282428570412f9e35956faf28ea7a30e923c8a1c0bc95a74972938

    • SSDEEP

      12288:yCQuNPaRtCQjl6dJuL/1470hhoxCaqShlOPn0aZwyT86QySfz10YsXOB:1NDsYdJuL/i70h+Caqi8Zkjyyz1sOB

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks