vkeylogger | f3133b021fd1eb20aa1b624a6295496e0d4cfdad4d6d25ac00ab02ee5cbea8b1 | Triage

Submit
Reports

Overview

overview

Static

static

0ed76cd7cb...22.exe

windows7_x64

1

0ed76cd7cb...22.exe

windows10_x64

Sharing

General

Target

0ed76cd7cb14cc30d04802a750bcad22.exe
Size

245KB
Sample

211114-q89e2addgk
MD5

0ed76cd7cb14cc30d04802a750bcad22
SHA1

ed719729d7025b6d16399c88a7334fdd58b0d603
SHA256

f3133b021fd1eb20aa1b624a6295496e0d4cfdad4d6d25ac00ab02ee5cbea8b1
SHA512

89452af762b13227bd835a50d8e5d55a0760889699fae5bb7da67fba1b4fa16207c9e395230cb2f3b135266c3dfac98f45bb8df3b8f9391d55696f8f13e64ea6

Score

10^/10

vkeylogger keylogger persistence stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

0ed76cd7cb14cc30d04802a750bcad22.exe

Resource

win7-en-20211014

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0ed76cd7cb14cc30d04802a750bcad22.exe

Resource

win10-en-20211104

vkeylogger keylogger persistence stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0ed76cd7cb14cc30d04802a750bcad22.exe
- Size
  
  245KB
- MD5
  
  0ed76cd7cb14cc30d04802a750bcad22
- SHA1
  
  ed719729d7025b6d16399c88a7334fdd58b0d603
- SHA256
  
  f3133b021fd1eb20aa1b624a6295496e0d4cfdad4d6d25ac00ab02ee5cbea8b1
- SHA512
  
  89452af762b13227bd835a50d8e5d55a0760889699fae5bb7da67fba1b4fa16207c9e395230cb2f3b135266c3dfac98f45bb8df3b8f9391d55696f8f13e64ea6
Score

10^/10

vkeylogger keylogger persistence stealer suricata
- VKeylogger
  A keylogger first seen in Nov 2020.
  stealer keylogger vkeylogger
- VKeylogger Payload
- suricata: ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad
  suricata: ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad
  suricata
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
  suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
  suricata
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
  suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
  suricata
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

vkeyloggerkeyloggerpersistencestealersuricata

© 2018-2024

Terms | Privacy