General
Target: PaymentUSD305000A98E8090KDHKS3300.exe
Size: 2.1MB
Sample: 240903-xcaedsvdng
MD5: 894a56d157fc739991e210da5b4bc822
SHA1: 50e8444b4f45b60e675c8fefd4396bc9c5416262
SHA256: ff017337f84265180a1093945eefef2df5481f1eef0e2e1012cd371c9811b330
SHA512: 984de1f8b54b65ab67d74fed3549704a317cc87ad1afbd4bb1f07a2cb900c08143f54f103c29f6b71c972ff2e1bd2cd302112ded0931e641c70b0322713bf48c
SSDEEP: 49152:9uAEE6l/kZzz3uBytwA6cYAyhEvFJ4W1edTQW2zE/:suzsnEo

Static task: static1

Behavioral task: behavioral1
Sample: PaymentUSD305000A98E8090KDHKS3300.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: PaymentUSD305000A98E8090KDHKS3300.exe
Resource: win10v2004-20240802-en

Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: mail.cybertechllc.top
Port: 587
Username: [email protected]
Password: 7213575aceACE@
Email To: [email protected]

Targets
Target: PaymentUSD305000A98E8090KDHKS3300.exe

VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

Credentials from Password Stores: Credentials from Web Browsers
Malicious access to or copying of the web browser credential store.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext