General

  • Target: 6a16ab57cfe25ae91ede18f58d9f902230730b3d8837c6198b108288a70f6155
  • Size: 965KB
  • Sample: 240919-hpl7dswcna
  • MD5: abe998359032006801ef5f3f466a69bc
  • SHA1: fe150d058b73baed08d30c9e15d63081c789ba1c
  • SHA256: 6a16ab57cfe25ae91ede18f58d9f902230730b3d8837c6198b108288a70f6155
  • SHA512: ff1178e0fddb342c83f72036688e9e0e2564363f435102c65ba9c174e6c1bd9a51e861d28b20d38e10a551bc53d76e20f048c6a1acdf83534176f4b115bee9b2
  • SSDEEP: 24576:vzaqtRE5KxftVLwxU6A0OCNsjgY5PVN7eZBy3jn5qIIefc3:7DWK5wxU3Rh0ENii3z4lsw

Malware Config

Extracted

Family: vipkeylogger

C2: https://api.telegram.org/bot7045535067:AAFB6Qd5XE98Vho9iunrlrUC41JAx3FhGjY/sendMessage?chat_id=5916042829

Targets

    • Target: 6a16ab57cfe25ae91ede18f58d9f902230730b3d8837c6198b108288a70f6155
    • Size: 965KB
    • MD5: abe998359032006801ef5f3f466a69bc
    • SHA1: fe150d058b73baed08d30c9e15d63081c789ba1c
    • SHA256: 6a16ab57cfe25ae91ede18f58d9f902230730b3d8837c6198b108288a70f6155
    • SHA512: ff1178e0fddb342c83f72036688e9e0e2564363f435102c65ba9c174e6c1bd9a51e861d28b20d38e10a551bc53d76e20f048c6a1acdf83534176f4b115bee9b2
    • SSDEEP: 24576:vzaqtRE5KxftVLwxU6A0OCNsjgY5PVN7eZBy3jn5qIIefc3:7DWK5wxU3Rh0ENii3z4lsw

    Score: 1/10

    • Target: rrr.exe
    • Size: 1.2MB
    • MD5: 64395b35816e71f0086102af0c70d8cc
    • SHA1: 50024b88a8fec64519f9a5d21771e6152eb1e431
    • SHA256: befc14389fe2850189bdb079d01b7a58ebb9d7d55e970bb4b729ed4bc20d225d
    • SHA512: cb4d66b09561494a5783983fb3831ac0ea53b0675fc9fcaba21223c1c856d0bb6b855f5c53be7b457588bef1d8d4c3eeeb0e8f7fb9f5a0e98948d16867ab60be
    • SSDEEP: 24576:uRmJkcoQricOIQxiZY1iaCsluS0y0Nsjg85jVD7e7B+9jn5G8Y8Lmw:7JZoQrbTFZY1iaCm/3L0aDi89zozmF

    • VIPKeylogger
      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers
      Malicious access to, or copying of, a web browser credential store.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15