General
Target: 2681c94188aa6193f7b51cafa73d0d0edc72e0c4e78fd29aa286e22e24583c63
Size: 504KB
Sample: 240904-sewcestfrc
MD5: a5c58b6e9f7baec7cf317cf5c9e8100f
SHA1: 651583cc9b838369215a77685219485e0880a530
SHA256: 2681c94188aa6193f7b51cafa73d0d0edc72e0c4e78fd29aa286e22e24583c63
SHA512: 3941c069b8d903e40cfb1e1dbdfbf053ebf821e2e172ffc01d5d3a2c1fa364c7409d55501d12de6de4fa855a268cba288e60902258c9a5ecb52d86be2bc7ada0
SSDEEP: 12288:/+ehe83uP9Jeb4Y/vq/JjcA92LcaihP47nxNS9VICYXuHj2Yj0iAM:/zluP9I/yhcMRuxNS9iaD2A03M
Static task: static1
Behavioral task: behavioral1
Sample: Lykkeskillingerne.exe
Resource: win7-20240903-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot6514469045:AAGgK1KLWbAJZ7dNmeGHg2OB9PfOTjGrT08/sendMessage?chat_id=6070006284
Targets
Target: Lykkeskillingerne.exe
Size: 517KB
MD5: a61d199b40c46ea1e0b9bb6f12165881
SHA1: 9ce4221b5c7d8a67ba54b0709d5bbcc893ceed02
SHA256: c4f370cc453d04a84606b36451353fe65c56a5e758b2c138a23fc3741d7f4df9
SHA512: 11274f2ea8c4c181e4a0163a947e7d893697db2b0dcb7a280e3a0e37059bb4d02998c0d32b1cc84084fe8e7d9684cec21da708ccefe0628711053626a09beb85
SSDEEP: 12288:WZGcVEfEyolcupbbn6/tT9XfSJ37tdrQW:WZbSfEyolpb6FTM7dr9
Score: 10/10
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext