General

  • Target

    PO2602.tar

  • Size

    846KB

  • Sample

    240927-p18cbswame

  • MD5

    c2bb049b536f00e50795d756153aa658

  • SHA1

    aed19c1b2af06fa5e9c0b3a0bf8e8919068a1101

  • SHA256

    14cf7e4322ad07399069df4b0d5db0d66cf5553e5d3205df728547ec6f3485ba

  • SHA512

    3690419d47fc7bb74493253d2ac4f5f5d9cedcd4817903d882c94125d153a276cf58efb1cfb1e32dcc1b303ab8366d59e0c501560359d8805696bc1f4e1630be

  • SSDEEP

    24576:UU+Q7KyXet7tP+wnBaFYOpfS1ArcRpEzm83:UU198J+wnBaFY6f/cAK83

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7204444211:AAHhCv47hRiqEWkkF-hzrMRRq69HpYbFD5Y/sendMessage?chat_id=2065242915

Targets

    • Target

      PO-2602.exe

    • Size

      1.2MB

    • MD5

      e3322029b312a55d39c8f73f3ceab24e

    • SHA1

      0a360cc0925d129389ab86dc3dc9a315f40824f3

    • SHA256

      57bafeb2917ee325369b84c0908cd0d2368a053d60a909cacc3e4b34e14c5dc0

    • SHA512

      f5cf3b0dfcfe871362328c78bc893c9b6fc2eee51dd3cf2bbf82cbeec8aed05a1b3ca545dd0ebf93e9bccb68cc7d75e4cf4332ac958952ee4b8a8cbf1ec6b159

    • SSDEEP

      24576:uRmJkcoQricOIQxiZY1iaCiFH2nugtHYWQAwNeoVC1JkI:7JZoQrbTFZY1iaC6gtHRQAwhIJ

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It closely resembles SnakeKeylogger, which was first observed in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
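The extracted C2 above is a Telegram bot-API call, and the behaviour list shows the stealer first resolving its external IP through a public lookup service. The following script is an added example written for this page (it is not part of the sandbox report or the VIPKeylogger sample): it splits the Telegram C2 URL into the bot ID, token, API method and chat_id that an analyst pivots on, then runs a simple two-stage detection over constructed proxy log lines, flagging any source host that performs an external-IP lookup and subsequently calls a Telegram bot endpoint. The log format, the source addresses, the second (decoy) bot token and the list of IP-lookup hostnames are all assumptions; the report does not name which lookup service the sample uses.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlparse

# C2 URL exactly as extracted in the report above.
TELEGRAM_C2 = ("https://api.telegram.org/bot7204444211:AAHhCv47hRiqEWkkF-hzrMRRq69HpYbFD5Y"
               "/sendMessage?chat_id=2065242915")

# Telegram bot tokens have the shape <numeric bot id>:<secret>; the path then
# names the API method (sendMessage, sendDocument, getUpdates, ...).
BOT_PATH_RE = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$")

# Assumed list of public external-IP lookup services; extend to match your environment.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ip-api.com", "icanhazip.com"}


def parse_telegram_c2(url):
    """Return bot_id, full token, API method and chat_id for a Telegram bot-API URL.

    Returns None when the URL is not a Telegram bot-API call, so the caller can
    use it both as a parser for extracted configs and as a log-line classifier.
    """
    u = urlparse(url)
    if u.scheme not in ("http", "https") or u.netloc.lower() != "api.telegram.org":
        return None
    m = BOT_PATH_RE.match(u.path)
    if not m:
        return None
    qs = parse_qs(u.query)
    return {
        "bot_id": m.group("bot_id"),
        "token": f"{m.group('bot_id')}:{m.group('secret')}",
        "method": m.group("method"),
        "chat_id": qs.get("chat_id", [None])[0],
    }


def scan_proxy_log(lines):
    """Flag hosts that resolve their external IP and then talk to a Telegram bot.

    Input lines are "<timestamp> <source ip> <method> <url>" (an assumed format).
    The ordering matters: the lookup must precede the bot-API call, which is the
    sequence the report's behaviour list describes.
    """
    seen_lookup = set()
    hits = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines rather than crash the scan
        ts, src, _method, url = parts[:4]
        host = urlparse(url).netloc.lower()
        if host in IP_LOOKUP_HOSTS:
            seen_lookup.add(src)
            continue
        c2 = parse_telegram_c2(url)
        if c2 and src in seen_lookup:
            hits[src].append({"ts": ts, **c2})
    return dict(hits)


# Constructed proxy log: one host shows the full lookup-then-exfil chain, one host
# talks to a different (made-up) bot without a prior lookup, one host only looks up its IP.
SAMPLE_LOG = """\
2024-09-27T12:01:03Z 10.0.0.15 GET http://checkip.dyndns.org/
2024-09-27T12:01:04Z 10.0.0.15 POST https://api.telegram.org/bot7204444211:AAHhCv47hRiqEWkkF-hzrMRRq69HpYbFD5Y/sendMessage?chat_id=2065242915
2024-09-27T12:02:10Z 10.0.0.22 GET https://api.telegram.org/bot111111:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/getUpdates
2024-09-27T12:03:00Z 10.0.0.31 GET https://api.ipify.org/
""".splitlines()

if __name__ == "__main__":
    print(parse_telegram_c2(TELEGRAM_C2))
    for src, events in scan_proxy_log(SAMPLE_LOG).items():
        for ev in events:
            print(f"{src} -> bot {ev['bot_id']} chat {ev['chat_id']} via {ev['method']} at {ev['ts']}")
```

Two caveats when using this on real traffic: the full URL path (and therefore the token and chat_id) is only visible in proxy logs when TLS is inspected; without that you will see only a CONNECT to api.telegram.org and should alert on the host plus the preceding IP-lookup request instead. Also treat the token as the attacker's credential: bot_id and chat_id are the stable pivot keys for hunting across samples, while the secret part of the token is what the operator can rotate.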

MITRE ATT&CK Enterprise v15

Tasks