General
-
Target
6ade2b250774bfe4e5bbe3f21b0500758c7fce2d9b15fa8346a1df50bcc2d5a9N
-
Size
1.6MB
-
Sample
240921-pk2vls1hrg
-
MD5
a8c891b9bdff16b924f63b04ff1f9130
-
SHA1
e81df53bfff3c7aa8c9ad8e07869b4b6c1c6f34a
-
SHA256
6ade2b250774bfe4e5bbe3f21b0500758c7fce2d9b15fa8346a1df50bcc2d5a9
-
SHA512
b949b45c5eb27452635e534eb266d5b3bd3179422c87a92b07f526d87838cd1624f69154f22967b48362183af3d9d305d6750696b95517420adfd057f74dadac
-
SSDEEP
49152:FAodtaG9kS2U84B+FLan9k5TRM9zlXVjwbLT:X/B1
Static task
static1
Behavioral task
behavioral1
Sample
6ade2b250774bfe4e5bbe3f21b0500758c7fce2d9b15fa8346a1df50bcc2d5a9N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
6ade2b250774bfe4e5bbe3f21b0500758c7fce2d9b15fa8346a1df50bcc2d5a9N.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.akguneselektrik.com
Port: 21
Username: akgunes
Password: 9H5xQVGg
Extracted
vipkeylogger
Targets
-
-
Target
6ade2b250774bfe4e5bbe3f21b0500758c7fce2d9b15fa8346a1df50bcc2d5a9N
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to or copy of the web browser credential store.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-