Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
Target: OC_0069960.pdf.exe
Size: 698KB
Sample: 240919-pnrttaybkc
MD5: 1b3d6a5c2478e4ff1fc016b5fcb9b25b
SHA1: 52e0a6ec9d17c331b36f48ded9b35ca16aafc10b
SHA256: e5d71d130593a06ff0c8b0ab05d4c6bd448dd6cbd82c9ba62512a9d240620237
SHA512: 9dead747fecdc68e002d8089f8437a2e0e729e3a47291f99917b95f1b5119703d44b57c486df79d6d1b083a71936f726e9d75b6719236f9b029f44f218589389
SSDEEP: 12288:rLly7CoRIfzzZF5SbvHfDIPRiuqeoJ2n4lvygU2x3kXC3zjh92nedb6HH:rQ7CoKfzzA/DIPRVqtFqg0Oj2nedbc
Static task: static1
Behavioral task: behavioral1
Sample: OC_0069960.pdf.exe
Resource: win7-20240903-en
Malware Config
Extracted: vipkeylogger
https://api.telegram.org/bot6497814516:AAHas9Bu_Hsm8fSF5_kPM60KYlhgUBs0vww/sendMessage?chat_id=7220818658
Targets
Score: 10/10
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext