General

  • Target

    85887b8ec6c6ddf12071a0ea14554ef924ac72f652eba2827443722df0b3f2ff

  • Size

    692KB

  • Sample

    240821-q6zsta1hrh

  • MD5

    7649bbbe748c519de5584dea4e144338

  • SHA1

    4dbb46af7b846655a65f51ccce32ce9c083ec34d

  • SHA256

    85887b8ec6c6ddf12071a0ea14554ef924ac72f652eba2827443722df0b3f2ff

  • SHA512

    1a56b664c67c54077871baf1ab47a00046ba725e26150a0257177816861742fd5155bbdd47c2de60cb68312c2287e0f27e104751e66d60bf60320d89581ccf68

  • SSDEEP

    12288:Gsu0KTIWAPnEp+6miyG+i5uovFADpwD6JCKgclsIZ86a2fFHfWhn:GDTIBnFS5goNAC1KtsMa2fFHfqn

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7339564661:AAFzTB6gEWMndjXYyD5LCn17UEBISRR8wDI/sendMessage?chat_id=6443825857

Targets

    • Target

      96b4dc68d491b25769c36f74ad0403c1e775cd4c02b7859941267f40d1834419.exe

    • Size

      1.1MB

    • MD5

      8ab89c59c8fda81159ae27eaf35dd684

    • SHA1

      aaadcdafc21a5f2a4a22e679ec87125928e299bd

    • SHA256

      96b4dc68d491b25769c36f74ad0403c1e775cd4c02b7859941267f40d1834419

    • SHA512

      9af7f0b9a3209f296bdec04ddbc41cc7ecd5ae4136e13e64ec1025d5acebbe04040f243cfd5098ce87acb58ac4e50d322d53a448a05fcfc3f293ae00967b2f41

    • SSDEEP

      24576:hqDEvCTbMWu7rQYlBQcBiT6rprG8azSFN:hTvC/MTQYxsWR7azSF

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
