Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

222b82fce8...be.exe

windows7-x64

10

222b82fce8...be.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    222b82fce8836c7ff44f7eac9a0767bf8cd60a14d22d3d70498a2a1c405aa8be.exe

  • Size

    615KB

  • Sample

    250129-cqynxsxpg1

  • MD5

    105efe9e461cf5deb13c1499fdf7c3fd

  • SHA1

    2e1089312072d6b1d1af28893ad3ea72ca9f0217

  • SHA256

    222b82fce8836c7ff44f7eac9a0767bf8cd60a14d22d3d70498a2a1c405aa8be

  • SHA512

    59df551fcb54a8ffb9ca47e3e5c08971a2f5ff35261e598105663dc71698ed1b8957fdc206178ad92737c6f612b3c6dd2f0177551eafca97c552e6aafd2b31a9

  • SSDEEP

    12288:NveNYtAazWUMaKw/a7PpmmenaKndbJFh31avNUh774:NveNYm/aKw/a7Ppmm+331a1Uh774

Score
10/10
vipkeyloggercollectiondiscoverykeyloggerpersistencestealer

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7965348925:AAGe8wdrvk9A3lxr1GIjGigodJ_zZ7prhfs/sendMessage?chat_id=6848903538

Targets

    • Target

      222b82fce8836c7ff44f7eac9a0767bf8cd60a14d22d3d70498a2a1c405aa8be.exe

    • Size

      615KB

    • MD5

      105efe9e461cf5deb13c1499fdf7c3fd

    • SHA1

      2e1089312072d6b1d1af28893ad3ea72ca9f0217

    • SHA256

      222b82fce8836c7ff44f7eac9a0767bf8cd60a14d22d3d70498a2a1c405aa8be

    • SHA512

      59df551fcb54a8ffb9ca47e3e5c08971a2f5ff35261e598105663dc71698ed1b8957fdc206178ad92737c6f612b3c6dd2f0177551eafca97c552e6aafd2b31a9

    • SSDEEP

      12288:NveNYtAazWUMaKw/a7PpmmenaKndbJFh31avNUh774:NveNYm/aKw/a7Ppmm+331a1Uh774

    Score
    10/10
    vipkeyloggercollectiondiscoverykeyloggerpersistencestealer

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

      stealerkeyloggervipkeylogger

    • Vipkeylogger family

      vipkeylogger

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.