Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b3dfc135ae9f16cdabbaa4a371f0ab7411a3ec9d2d77c8e34bd533e9cc1b835f.zip
-
Size
635KB
-
Sample
241009-cnnqyaxdlb
-
MD5
e9ceef64a8a9d1b411592f0c82f954cd
-
SHA1
ad94d567b0a2fa5dfb625a76e5aad618ea793f33
-
SHA256
b3dfc135ae9f16cdabbaa4a371f0ab7411a3ec9d2d77c8e34bd533e9cc1b835f
-
SHA512
81ecdb0e5a908abf77d6462413e56b6e5a375f1fd3e6f199ede7669dc3109c1138af92142596bd0e50e05cce3f11fc4ea5e6fe0b5248d3cb09e10b39888481a3
-
SSDEEP
12288:cDkb24tOjHKHxvENIOisIcWmZFlJUWZv1E9iBOwpjdWJsJyEAuRwc+:HjOjuqNF0klJD38wp0KJvT+
Static task
static1
Behavioral task
behavioral1
Sample
PO-009 Compurent.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
PO-009 Compurent.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7447202022:AAGD0i86CLrQjVCFNJEDT_YnT4c6StGryyE/sendMessage?chat_id=7155582826
Targets
-
-
Target
PO-009 Compurent.exe
-
Size
658KB
-
MD5
339e40c9c69f587ecf57fb4f34df3da0
-
SHA1
fe477958b4a728dab031ecbd5ea0c6a9a985c467
-
SHA256
5e27cf81fa5bf72f66bdb2bba36e9bd04f231ea0c27327b7fbe71370a32c306b
-
SHA512
c33535028de2ad8c05db54f85f7184ea0805a97d30f6187993b8204c53d8885afd787503b714cbebb0ef787fc46352ae00ebf903742156f348088bc8b6dcade5
-
SSDEEP
12288:X17kvBCirdHKzxLEJIOjeaIc0mZ7DXiWbv5O9EBOw1jbWfOJyEqum6coTr4:X1ociZYiJ/sSDXzB8w122JYoTk
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-