Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Dryppets.exe

windows7-x64

7

Dryppets.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Dryppets.exe

  • Size

    1.1MB

  • Sample

    250211-vg7vcatlbm

  • MD5

    411efb6f23470867166f3990dbec6dad

  • SHA1

    e9bb0868d4507c7b55dd048ee9662884cf7657b6

  • SHA256

    68570e404a256774e77174fefe7dbec3fe0d49f38bb912ab9263ee579d259082

  • SHA512

    7be032a3c1e0c85e57ae30d5ee856fb428dd6ed52f74ec21b1dc311068e09747ca8de02209f2393f1e73f4ec0bf700beb179f8424ec5b9853b9e37eab88f6fc3

  • SSDEEP

    24576:iV8oSs6OQjptmgUy/QEw6wbfqiPACOedfHYNXNHA6w:iV8Nsm3XQEw3/ACOdHAj

Score
10/10
guloadervipkeyloggercollectiondiscoverydownloaderkeyloggerspywarestealer

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot8172976107:AAH5CXqEBGFF-CK18VpImdWAW7U_9296FqY/sendMessage?chat_id=6885960134

Targets

    • Target

      Dryppets.exe

    • Size

      1.1MB

    • MD5

      411efb6f23470867166f3990dbec6dad

    • SHA1

      e9bb0868d4507c7b55dd048ee9662884cf7657b6

    • SHA256

      68570e404a256774e77174fefe7dbec3fe0d49f38bb912ab9263ee579d259082

    • SHA512

      7be032a3c1e0c85e57ae30d5ee856fb428dd6ed52f74ec21b1dc311068e09747ca8de02209f2393f1e73f4ec0bf700beb179f8424ec5b9853b9e37eab88f6fc3

    • SSDEEP

      24576:iV8oSs6OQjptmgUy/QEw6wbfqiPACOedfHYNXNHA6w:iV8Nsm3XQEw3/ACOdHAj

    Score
    10/10
    discoveryguloadervipkeyloggercollectiondownloaderkeyloggerspywarestealer

    • Guloader family

      guloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

      stealerkeyloggervipkeylogger

    • Vipkeylogger family

      vipkeylogger

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      34442e1e0c2870341df55e1b7b3cccdc

    • SHA1

      99b2fa21aead4b6ccd8ff2f6d3d3453a51d9c70c

    • SHA256

      269d232712c86983336badb40b9e55e80052d8389ed095ebf9214964d43b6bb1

    • SHA512

      4a8c57fb12997438b488b862f3fc9dc0f236e07bb47b2bce6053dcb03ac7ad171842f02ac749f02dda4719c681d186330524cd2953d33cb50854844e74b33d51

    • SSDEEP

      192:jPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4I:u7VpNo8gmOyRsVc4

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks