Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    9c6b53051039e6e3ada670ef5c591e69e3cadae46b3e78510cadb800d2379840

  • Size

    743KB

  • Sample

    240829-mbjxbsybpp

  • MD5

    e9f5c88ac891da1d0beccbd87d5e019d

  • SHA1

    f967099f11090fb9f8aada10189211c98b777a0d

  • SHA256

    9c6b53051039e6e3ada670ef5c591e69e3cadae46b3e78510cadb800d2379840

  • SHA512

    ebdfe47786bec52aaf399b35a174a05f5840d7897f85de979953b36f1611ebfe47744ab4e74dd77eefbb28525cebd64c8bfe5948ad842460c19907c649dcdb28

  • SSDEEP

    12288:COv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPidw/3SKkypQquMKAWy:Cq5TfcdHj4fmb4a3SKaoR

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7339564661:AAFzTB6gEWMndjXYyD5LCn17UEBISRR8wDI/sendMessage?chat_id=6443825857

Targets

    • Target

      9c6b53051039e6e3ada670ef5c591e69e3cadae46b3e78510cadb800d2379840

    • Size

      743KB

    • MD5

      e9f5c88ac891da1d0beccbd87d5e019d

    • SHA1

      f967099f11090fb9f8aada10189211c98b777a0d

    • SHA256

      9c6b53051039e6e3ada670ef5c591e69e3cadae46b3e78510cadb800d2379840

    • SHA512

      ebdfe47786bec52aaf399b35a174a05f5840d7897f85de979953b36f1611ebfe47744ab4e74dd77eefbb28525cebd64c8bfe5948ad842460c19907c649dcdb28

    • SSDEEP

      12288:COv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPidw/3SKkypQquMKAWy:Cq5TfcdHj4fmb4a3SKaoR

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.