General

  • Target

    PaymentUSD305000A98E8090KDHKS3300.exe

  • Size

    2.1MB

  • Sample

    240903-xcaedsvdng

  • MD5

    894a56d157fc739991e210da5b4bc822

  • SHA1

    50e8444b4f45b60e675c8fefd4396bc9c5416262

  • SHA256

    ff017337f84265180a1093945eefef2df5481f1eef0e2e1012cd371c9811b330

  • SHA512

    984de1f8b54b65ab67d74fed3549704a317cc87ad1afbd4bb1f07a2cb900c08143f54f103c29f6b71c972ff2e1bd2cd302112ded0931e641c70b0322713bf48c

  • SSDEEP

    49152:9uAEE6l/kZzz3uBytwA6cYAyhEvFJ4W1edTQW2zE/:suzsnEo

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks