Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Behavioral task
behavioral1
Sample
2852-15-0x00000000007E0000-0x000000000082A000-memory.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
2852-15-0x00000000007E0000-0x000000000082A000-memory.exe
Resource
win10v2004-20241007-en
General
-
Target
2852-15-0x00000000007E0000-0x000000000082A000-memory.dmp
-
Size
296KB
-
MD5
050e1608a7cb7f9f79e03ee69e225995
-
SHA1
40d04c470bb07d5b2629c376e904d652f4e53281
-
SHA256
14634d34f73450674b3d0691544b8db1b54d671e9d459c5060b003a78ad1849d
-
SHA512
c4b515b676b3e4562fc58fadb6c422443bd54e820683080b820ea615dde67ab6073fd4b12f797cf6990d7a185082b1af4ea837f07d1eaf419e1b5120867b4830
-
SSDEEP
3072:ni8zGMcOGgRcO+X+uSeSQShSySXS5S3VXmNqpxKdks/3pH4nX86GWBNbfsHkmiLT:yVtVuZJ/QtCIDo3KX9GWBNb4eWb
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot8124032214:AAHsMb8ZSRX6oiufFz1tRalXrmGjYujuzB4/sendMessage?chat_id=6198188190
Signatures
-
Vipkeylogger family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2852-15-0x00000000007E0000-0x000000000082A000-memory.dmp
Files
-
2852-15-0x00000000007E0000-0x000000000082A000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 265KB - Virtual size: 264KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ