General

  • Target

    7ffba279d6f47ed76230be9dc7baae15b923dc09ba48f738d01e9beab32e9a58.exe

  • Size

    1.2MB

  • Sample

    241010-njfqbazfqk

  • MD5

    3ebef42f57673d6b260644654522b053

  • SHA1

    b63d68467a9be1260af9685b71eb8b54680e85d6

  • SHA256

    7ffba279d6f47ed76230be9dc7baae15b923dc09ba48f738d01e9beab32e9a58

  • SHA512

    72d25c34f67f5a291855c1602a8293dfbe02544605703630908f7a087a0eddbba1e31c8566e87c59b5b50863bcd5f5b0803d04d362c9716efda16984fbdee7d5

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QLhVzGODNZaxNZ7fA+oED:f3v+7/5QLhVKAKtAtED

Malware Config

Extracted

Family

vipkeylogger

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
