General

  • Target: 5988ba6bf97c1b33f469edfca96b98c35d2054f2ce49d8e065d23250a241a3d0.exe
  • Size: 1.3MB
  • Sample: 240919-brhhnatdjr
  • MD5: c087116b5a47a54e5dd272162fd87b3b
  • SHA1: 71eb7a31ed81367c95563f6d4aadfb6ea028b997
  • SHA256: 5988ba6bf97c1b33f469edfca96b98c35d2054f2ce49d8e065d23250a241a3d0
  • SHA512: fecdfc372ccebe22830e31a8d20050ca7a3e1b87ed1a0876df471d20aedac1e3283af624b470a20ef024f6283583629a44716197f341dcc263504de4d19e01c4
  • SSDEEP: 24576:pRmJkcoQricOIQxiZY1iaJ0eud6LfL5vSjUBMF94Z9M5:mJZoQrbTFZY1iaJ0eudejk+k9eC

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks