General

  • Target

    250e5e20c5bd9d1f74400122341e04e47b8f4a46d912691553009c6227114aaf

  • Size

    721KB

  • Sample

    241125-j7hglatlbq

  • MD5

    a3589f82aaaeb0bd20ba6282a03c8115

  • SHA1

    ef533db99d6e976d3811fa1ab88aad91d4551aed

  • SHA256

    250e5e20c5bd9d1f74400122341e04e47b8f4a46d912691553009c6227114aaf

  • SHA512

    273918d5a55bc9adffdae0dad4aa7b3208fdcb9b84ecd4f3702e5934d3873a5e1e1262802fece2ff9741acb1163ff509524392817929b42bc41936fc9da4edfd

  • SSDEEP

    12288:LBD7NbeXekk9lY6xmOCC1MZMSu+72f2bim/rr8uOPXJstI8NtQfHqDIDh:LBteXD6EAeMSuj2morwfoLKPh

Malware Config

Extracted

Family

vipkeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    mail.aewn.buzz
  • Port:
    587
  • Username:
    ugops@aewn.buzz
  • Password:
    7213575aceACE@@
  • Email To:
    ugop@aewn.buzz

Targets

    • Target

      RFQ__PO_6353637355363-PDF____PDF.exe

    • Size

      750KB

    • MD5

      130040cd45252a0e1cabdc3f6398881c

    • SHA1

      948c573d9946d207de85e03df1f92680d88b2d42

    • SHA256

      8c1d7041e76efaf68b0c70000b850b3c80111d44114a421cb52e0d503947b96d

    • SHA512

      d465d96be19fdef320269d12170d258178bc078e2313b23a0d24a4b2e92db714851fe53a636a707d18a152fd4741cab33f70ad8e23bda06cb4d255172b5d4ad6

    • SSDEEP

      12288:rbeXOvvHy9lYZInZp3ZL2dnMZghB72/Mbim/fr8iOPXJAtISNtphdtxvWrUPb:XeXiZInZp3ZaJeg4MmofwbYr5dtxWrUz

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
