General
-
Target
PEDIDO161224.rar
-
Size
1.0MB
-
Sample
241217-hzqbsstmgz
-
MD5
5512e6253667a66d7300cac2b8f51b7f
-
SHA1
da9659a0350a4d575184c62b47bcfb6618aa4a8d
-
SHA256
e71a63d388fdcf8ad7fa5b03592fa116469a8a9f1bdcbbcb7aa459665905ff8a
-
SHA512
fbbc25e11b540de4dd76d6d73863d75bda05f9f32dbb04a8cf101ed480635f066a8fa9812ec8af06d5cdc52d6d211837e136db1c5a0657b092fed364c9f4b9d5
-
SSDEEP
24576:YaTMjZaerEV0kqXJ+ny3Nyq5loFJKiTlyvytMEGF3Yy:YfjZaGEQJuSyElIJr1G9X
Static task
static1
Behavioral task
behavioral1
Sample
Untangibility90.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Untangibility90.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7668974942:AAFyrHvXMv2uhMX9l0hNEPNVnFxCDfLErLs/sendMessage?chat_id=7295320361
Targets
-
-
Target
Untangibility90.exe
-
Size
1.1MB
-
MD5
343b6d84d887fc6f42e259c22ddce824
-
SHA1
e7423cd8620ecb4dee9e1781386c1d0273bcd373
-
SHA256
dd5ae442b593e4611d93ddcf5606f20ea4686a9d63b46f546a7f86bd1785d41b
-
SHA512
1b697bd0446b44c05fc2cea0ea073476486c8f754797c714a6dc4578267dcc8a23243c0c65b9a7cd603a0b3bbf4cd5c995aae75cddd9759f69cb3d28e9785852
-
SSDEEP
24576:ONrNYo3K+3fC/j6U3VwV5k7j5awX300zQUGtZV:e+L463VwXgj5aEkHUGtZV
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Vipkeylogger family
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Blocklisted process makes network request
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
7KB
-
MD5
675c4948e1efc929edcabfe67148eddd
-
SHA1
f5bdd2c4329ed2732ecfe3423c3cc482606eb28e
-
SHA256
1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906
-
SHA512
61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683
-
SSDEEP
96:J9zdzBzMDByZtr/HDQIUIq9m6v6vBckzu9wSBpLEgvElHlernNQaSGYuH2DQ:JykDr/HA5v6G2IElFernNQZGdHW
Score
3/10