Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    96daab3a11b4fb4f306dd3af66065c069f3c4647708e0a0ea987f1d1639b09c9.exe

  • Size

    739KB

  • Sample

    241009-cf1erssajk

  • MD5

    7e4342e8942e8f1565dc23e8370f5216

  • SHA1

    c4c61bc3d6a4eb09b39643eb9597d42b9160af09

  • SHA256

    96daab3a11b4fb4f306dd3af66065c069f3c4647708e0a0ea987f1d1639b09c9

  • SHA512

    b2650c8b98faf72453fce8f13b2be19548540b0e6869aa11cceeccffb9a2d7034859a21998614ee443fd2e7adde3c66902d895977611078542cc622bf459e850

  • SSDEEP

    12288:CnCbsmmEWaBychY4wbqLM7pVKA1ICqbbJH6z9d3fCSLkDmyUQW/UdU8kR:PstEWaByb4wuLM7p7mb8hRpRUdM

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      96daab3a11b4fb4f306dd3af66065c069f3c4647708e0a0ea987f1d1639b09c9.exe

    • Size

      739KB

    • MD5

      7e4342e8942e8f1565dc23e8370f5216

    • SHA1

      c4c61bc3d6a4eb09b39643eb9597d42b9160af09

    • SHA256

      96daab3a11b4fb4f306dd3af66065c069f3c4647708e0a0ea987f1d1639b09c9

    • SHA512

      b2650c8b98faf72453fce8f13b2be19548540b0e6869aa11cceeccffb9a2d7034859a21998614ee443fd2e7adde3c66902d895977611078542cc622bf459e850

    • SSDEEP

      12288:CnCbsmmEWaBychY4wbqLM7pVKA1ICqbbJH6z9d3fCSLkDmyUQW/UdU8kR:PstEWaByb4wuLM7p7mb8hRpRUdM

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks