General

  • Target

    PO 0087900.scr

  • Size

    11KB

  • Sample

    241014-b2lcasvfmf

  • MD5

    f6ef999e2fa5ed70bb5ca135d97d9243

  • SHA1

    339e741b643f46f3423595a924b427afa9f163ff

  • SHA256

    bcb46c65ec9e8e7012309351becad322455d89280d3b227b67e104b766c8caf8

  • SHA512

    34547862670613bd43de4ab6d408751cc8e39c3d148f00f82a6d55d54d08cdfd99bd36ca4ee163dbf0a4c69e62958f002cc015eeb6ad90b31d53f3f3287db1ad

  • SSDEEP

    192:KaDIbNX3hoCD6JhZWnQfmG4NlUeKrfB0d:6F6bmQP4NSeoB0

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7371892501:AAE6c_q-yLsVj82ZZEmMuRlQtTm95MBjCz0/sendMessage?chat_id=6750192797

Targets

    • Target

      PO 0087900.scr

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks