vkeylogger

General

Target

f876084f0a4c4921043f0c5d9a300a10.exe
Size

295KB
Sample

220321-jzz2nsaefp
MD5

f876084f0a4c4921043f0c5d9a300a10
SHA1

26750325c38616947a66fcf4132afd30bdccbbe6
SHA256

04b8f38bffca4122470e8af1b123630809bc7a6fb4e66a3e0a99f82133c9bdf1
SHA512

577f59015f58f6a7f6353b183293d834bea07aed8bf970a14888551239c3cca1eb4915ea3768efa697c82a53d33be50eb3a4d279c0ce4a77eb700f8045117587

Score

10^/10

Malware Config

Targets

- Target
  
  f876084f0a4c4921043f0c5d9a300a10.exe
- Size
  
  295KB
- MD5
  
  f876084f0a4c4921043f0c5d9a300a10
- SHA1
  
  26750325c38616947a66fcf4132afd30bdccbbe6
- SHA256
  
  04b8f38bffca4122470e8af1b123630809bc7a6fb4e66a3e0a99f82133c9bdf1
- SHA512
  
  577f59015f58f6a7f6353b183293d834bea07aed8bf970a14888551239c3cca1eb4915ea3768efa697c82a53d33be50eb3a4d279c0ce4a77eb700f8045117587
Score

10^/10

vkeylogger keylogger persistence stealer suricata
- VKeylogger
  A keylogger first seen in Nov 2020.
  stealer keylogger vkeylogger
- VKeylogger Payload
- suricata: ET MALWARE Generic -POST To gate.php w/Extended ASCII Characters (Likely Zeus Derivative)
  suricata: ET MALWARE Generic -POST To gate.php w/Extended ASCII Characters (Likely Zeus Derivative)
  suricata
- suricata: ET MALWARE Generic Request to gate.php Dotted-Quad
  suricata: ET MALWARE Generic Request to gate.php Dotted-Quad
  suricata
- suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
  suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
  suricata
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
  suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
  suricata
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
  suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
  suricata
- suricata: ET MALWARE Win32/Spy.Agent.QAQ Variant CnC Activity
  suricata: ET MALWARE Win32/Spy.Agent.QAQ Variant CnC Activity
  suricata
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

VKeylogger Payload

suricata: ET MALWARE Generic -POST To gate.php w/Extended ASCII Characters (Likely Zeus Derivative)

suricata: ET MALWARE Generic Request to gate.php Dotted-Quad

suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers

suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

suricata: ET MALWARE Win32/Spy.Agent.QAQ Variant CnC Activity

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2