Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
96daab3a11b4fb4f306dd3af66065c069f3c4647708e0a0ea987f1d1639b09c9.exe
-
Size
739KB
-
Sample
241009-cf1erssajk
-
MD5
7e4342e8942e8f1565dc23e8370f5216
-
SHA1
c4c61bc3d6a4eb09b39643eb9597d42b9160af09
-
SHA256
96daab3a11b4fb4f306dd3af66065c069f3c4647708e0a0ea987f1d1639b09c9
-
SHA512
b2650c8b98faf72453fce8f13b2be19548540b0e6869aa11cceeccffb9a2d7034859a21998614ee443fd2e7adde3c66902d895977611078542cc622bf459e850
-
SSDEEP
12288:CnCbsmmEWaBychY4wbqLM7pVKA1ICqbbJH6z9d3fCSLkDmyUQW/UdU8kR:PstEWaByb4wuLM7p7mb8hRpRUdM
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.vinatax.us - Port:
587 - Username:
[email protected] - Password:
vinatax@2022 - Email To:
[email protected]
Targets
-
-
Target
96daab3a11b4fb4f306dd3af66065c069f3c4647708e0a0ea987f1d1639b09c9.exe
-
Size
739KB
-
MD5
7e4342e8942e8f1565dc23e8370f5216
-
SHA1
c4c61bc3d6a4eb09b39643eb9597d42b9160af09
-
SHA256
96daab3a11b4fb4f306dd3af66065c069f3c4647708e0a0ea987f1d1639b09c9
-
SHA512
b2650c8b98faf72453fce8f13b2be19548540b0e6869aa11cceeccffb9a2d7034859a21998614ee443fd2e7adde3c66902d895977611078542cc622bf459e850
-
SSDEEP
12288:CnCbsmmEWaBychY4wbqLM7pVKA1ICqbbJH6z9d3fCSLkDmyUQW/UdU8kR:PstEWaByb4wuLM7p7mb8hRpRUdM
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-