Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
a3313af3a13e7801576cbcd9399e9b73d1a8e8f4940c1d44f0014513e2ce17b1.exe
-
Size
791KB
-
Sample
240822-mkj9fssajf
-
MD5
ca72531e5be781f589e9a3a6790f21bf
-
SHA1
8cea2052547bdb3cf23cceb3671a7e28a8b2da3b
-
SHA256
a3313af3a13e7801576cbcd9399e9b73d1a8e8f4940c1d44f0014513e2ce17b1
-
SHA512
609f89c83144412f182e8ac555c7194843425c2563b2b517d0f0d6d6ff9baa4ee715756d6df5871b3a455c488eef5a5ddfed0651c8ad6bd00dae0934b4c74cde
-
SSDEEP
24576:N5xLg+D+BlYfXYgZEKBKF4p5WV4EYONV:DxLxD4lbgZEFF4KV4EYO
Static task
static1
Behavioral task
behavioral1
Sample
a3313af3a13e7801576cbcd9399e9b73d1a8e8f4940c1d44f0014513e2ce17b1.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
a3313af3a13e7801576cbcd9399e9b73d1a8e8f4940c1d44f0014513e2ce17b1.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7470097193:AAH7g9zj8FQx12YOFkn9mZO_1-BTN4b6gKo/sendMessage?chat_id=6155920142
Targets
-
-
Target
a3313af3a13e7801576cbcd9399e9b73d1a8e8f4940c1d44f0014513e2ce17b1.exe
-
Size
791KB
-
MD5
ca72531e5be781f589e9a3a6790f21bf
-
SHA1
8cea2052547bdb3cf23cceb3671a7e28a8b2da3b
-
SHA256
a3313af3a13e7801576cbcd9399e9b73d1a8e8f4940c1d44f0014513e2ce17b1
-
SHA512
609f89c83144412f182e8ac555c7194843425c2563b2b517d0f0d6d6ff9baa4ee715756d6df5871b3a455c488eef5a5ddfed0651c8ad6bd00dae0934b4c74cde
-
SSDEEP
24576:N5xLg+D+BlYfXYgZEKBKF4p5WV4EYONV:DxLxD4lbgZEFF4KV4EYO
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-