Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    9c6b53051039e6e3ada670ef5c591e69e3cadae46b3e78510cadb800d2379840

  • Size

    743KB

  • Sample

    240829-mbjxbsybpp

  • MD5

    e9f5c88ac891da1d0beccbd87d5e019d

  • SHA1

    f967099f11090fb9f8aada10189211c98b777a0d

  • SHA256

    9c6b53051039e6e3ada670ef5c591e69e3cadae46b3e78510cadb800d2379840

  • SHA512

    ebdfe47786bec52aaf399b35a174a05f5840d7897f85de979953b36f1611ebfe47744ab4e74dd77eefbb28525cebd64c8bfe5948ad842460c19907c649dcdb28

  • SSDEEP

    12288:COv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPidw/3SKkypQquMKAWy:Cq5TfcdHj4fmb4a3SKaoR

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7339564661:AAFzTB6gEWMndjXYyD5LCn17UEBISRR8wDI/sendMessage?chat_id=6443825857

Targets

    • Target

      9c6b53051039e6e3ada670ef5c591e69e3cadae46b3e78510cadb800d2379840

    • Size

      743KB

    • MD5

      e9f5c88ac891da1d0beccbd87d5e019d

    • SHA1

      f967099f11090fb9f8aada10189211c98b777a0d

    • SHA256

      9c6b53051039e6e3ada670ef5c591e69e3cadae46b3e78510cadb800d2379840

    • SHA512

      ebdfe47786bec52aaf399b35a174a05f5840d7897f85de979953b36f1611ebfe47744ab4e74dd77eefbb28525cebd64c8bfe5948ad842460c19907c649dcdb28

    • SSDEEP

      12288:COv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPidw/3SKkypQquMKAWy:Cq5TfcdHj4fmb4a3SKaoR

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks