General

  • Target

    6ade2b250774bfe4e5bbe3f21b0500758c7fce2d9b15fa8346a1df50bcc2d5a9N

  • Size

    1.6MB

  • Sample

    240921-pk2vls1hrg

  • MD5

    a8c891b9bdff16b924f63b04ff1f9130

  • SHA1

    e81df53bfff3c7aa8c9ad8e07869b4b6c1c6f34a

  • SHA256

    6ade2b250774bfe4e5bbe3f21b0500758c7fce2d9b15fa8346a1df50bcc2d5a9

  • SHA512

    b949b45c5eb27452635e534eb266d5b3bd3179422c87a92b07f526d87838cd1624f69154f22967b48362183af3d9d305d6750696b95517420adfd057f74dadac

  • SSDEEP

    49152:FAodtaG9kS2U84B+FLan9k5TRM9zlXVjwbLT:X/B1

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.akguneselektrik.com
  • Port:
    21
  • Username:
    akgunes
  • Password:
    9H5xQVGg

Extracted

Family

vipkeylogger

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks