Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
cc4e80189451b050cc7bc90aa3fa787a4e3a50a0cc6f845fa68bdc849b1f5d14.exe
-
Size
1.2MB
-
Sample
241005-b8wrlsydjr
-
MD5
99f8afeaf690544887a8bfc9243f3c7f
-
SHA1
49ac8b9909d9c429530860e851a81f1262a5ce14
-
SHA256
cc4e80189451b050cc7bc90aa3fa787a4e3a50a0cc6f845fa68bdc849b1f5d14
-
SHA512
02b7f53d0430b172599f5449b78b83fe722fa5443e02e9b6b116a964d1cb008c5c0dd5d0909930f66c37bef6214bbb5d1c3f440ccb6e930f68462ba677d87e0a
-
SSDEEP
24576:ffmMv6Ckr7Mny5QLpJtGoBCZNyozGcuYViYxy7Y5b:f3v+7/5QLpJaZNKcoYxPB
Static task
static1
Behavioral task
behavioral1
Sample
cc4e80189451b050cc7bc90aa3fa787a4e3a50a0cc6f845fa68bdc849b1f5d14.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
cc4e80189451b050cc7bc90aa3fa787a4e3a50a0cc6f845fa68bdc849b1f5d14.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.vvtrade.vn - Port:
587 - Username:
[email protected] - Password:
qVyP6qyv6MQCmZJBRs4t - Email To:
[email protected]
https://api.telegram.org/bot7323823089:AAFBRsTW94zIpSoDS8yfGsotlQLqF2I6TU0/sendMessage?chat_id=5013849544
Targets
-
-
Target
cc4e80189451b050cc7bc90aa3fa787a4e3a50a0cc6f845fa68bdc849b1f5d14.exe
-
Size
1.2MB
-
MD5
99f8afeaf690544887a8bfc9243f3c7f
-
SHA1
49ac8b9909d9c429530860e851a81f1262a5ce14
-
SHA256
cc4e80189451b050cc7bc90aa3fa787a4e3a50a0cc6f845fa68bdc849b1f5d14
-
SHA512
02b7f53d0430b172599f5449b78b83fe722fa5443e02e9b6b116a964d1cb008c5c0dd5d0909930f66c37bef6214bbb5d1c3f440ccb6e930f68462ba677d87e0a
-
SSDEEP
24576:ffmMv6Ckr7Mny5QLpJtGoBCZNyozGcuYViYxy7Y5b:f3v+7/5QLpJaZNKcoYxPB
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-