Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    fe777d4ff348afb74ba7556da56b29a4ee0a66f7b044674fd1f18641573337f2N

  • Size

    270KB

  • Sample

    241005-rt82dszbre

  • MD5

    9c7cf85d2fa1d9c0b6c591b94cbf2830

  • SHA1

    55822a8ed3ceda0fc325d998af2e379fb05a948e

  • SHA256

    fe777d4ff348afb74ba7556da56b29a4ee0a66f7b044674fd1f18641573337f2

  • SHA512

    813817015ddeec9e3bab1e1a945cecb942f75250fc2ea0de89de28c604e69d204d2a0217d4fa6be0d09bb662fddd2a17849a3989eb5a11bdd4b087ffddffb15f

  • SSDEEP

    3072:8WAT5ctg+Orw0aqqb5mlXYOE6jc7dz0pHuhdzm3bfS2z/LQunsoAUYTVg4iIbbY:v6sm3bg7b

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      fe777d4ff348afb74ba7556da56b29a4ee0a66f7b044674fd1f18641573337f2N

    • Size

      270KB

    • MD5

      9c7cf85d2fa1d9c0b6c591b94cbf2830

    • SHA1

      55822a8ed3ceda0fc325d998af2e379fb05a948e

    • SHA256

      fe777d4ff348afb74ba7556da56b29a4ee0a66f7b044674fd1f18641573337f2

    • SHA512

      813817015ddeec9e3bab1e1a945cecb942f75250fc2ea0de89de28c604e69d204d2a0217d4fa6be0d09bb662fddd2a17849a3989eb5a11bdd4b087ffddffb15f

    • SSDEEP

      3072:8WAT5ctg+Orw0aqqb5mlXYOE6jc7dz0pHuhdzm3bfS2z/LQunsoAUYTVg4iIbbY:v6sm3bg7b

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks