General

  • Target

    25092024_0535_25092024_RFQ-2413AM-KE2800.cab

  • Size

    17KB

  • Sample

    240925-gade9s1bqd

  • MD5

    919602b35d42dc780deffd7195b2326b

  • SHA1

    be33d8bf9f0851108e2da3ee04d87a26221f4b10

  • SHA256

    1a9bd4e3fd45208185bdc1fe2bbac9e71c3d66ebecec27f3ae63d67951d92a42

  • SHA512

    4b72750e5c81bb1808f6bad7f0a8dc29afcc8a8457ed57eca7a8e3e5d704092531af85a64630ad136873954ec5359704270470297ef658d47d5ef1714bbc1b7e

  • SSDEEP

    384:E/fda1TP7EuFE3D9bmHSmTVXKA9Xpu2tD5AUq9kNbgNkv/lDls5oByC:E/lKb4uFEZbIBKA9Xpu2tD5yobgqls5q

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7371892501:AAE6c_q-yLsVj82ZZEmMuRlQtTm95MBjCz0/sendMessage?chat_id=6750192797

Targets

    • Target

      RFQ-2413AM-KE2800.scr

    • Size

      39KB

    • MD5

      478ace96e7cb7d671bb378dfc1be2899

    • SHA1

      dbd9954889aa460f2f69556d45cb2fbc12f9f6d1

    • SHA256

      c839d8269a32c721dda69fc174596488bf03f9d1416fd83ba822a5672c14d81e

    • SHA512

      3b1a0aad649a69e2a93ac2da557066dd9bb90d2016b2ab5a6ade12824e0c15990df55cc2284f306983926522a008879113d4679d5ca7d6f8b312f1eef66a7079

    • SSDEEP

      768:pPANMaGROq2ZKOVfpikiJUeHN9NY5ILNPshWivefeI:9YM7RSfsJWWNUrmfeI

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, and infostealers often target that stored data.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks