General

  • Target

    7b86c2ac160e902e7b0a20601e826e42ba1ca67842fd50cadb80e1066e0d96a8N

  • Size

    1.1MB

  • Sample

    241006-ejmn7awerh

  • MD5

    cabbc373d667baa3d5177a801b31d4c0

  • SHA1

    c2e65610dded0cceb77a4b1e787dd4aa88fb1da4

  • SHA256

    7b86c2ac160e902e7b0a20601e826e42ba1ca67842fd50cadb80e1066e0d96a8

  • SHA512

    ea22ebd892f203b21e78a3c3ac8d67d7789416df6058caf4dfd8dd5c6b214b94e3257dbcce558477e680240e92e64a10811035d6536dba447388fd17a4f207ee

  • SSDEEP

    24576:uRmJkcoQricOIQxiZY1WNQDDiNNL8M39HKElALX5TEO:7JZoQrbTFZY1WNQRMY0oXNT

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.gmx.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Lowywett1947**1

Extracted

Family

vipkeylogger

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
