Overview

overview

10

Static

static

3

nº 7064-2024.exe

windows7-x64

10

nº 7064-2024.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    nº 7064-2024.exe

  • Size

    1007KB

  • Sample

    241025-rnfgwssalp

  • MD5

    896d5fba336a53de81119d748c423d0d

  • SHA1

    1fe1eb8613bdd029a3d6fef114d6bbcea8c938b4

  • SHA256

    1e91b915d4132fcd5e923a83c6070af72045261fb5cb972f3b4497a4dc8dfcb2

  • SHA512

    8c15bdc196b52ca01994bda11c29925a10373d4b402b55271137fe6f7d37057beccb14d4a9ec9445bfe25f6e820592cc36086b4d3e411248d3a151ce5ca17474

  • SSDEEP

    24576:vHg/r/z2VFQhvni26fI0b6e4BAWMIRdGeBYTw2H2:I/z2VAn6ZUnZSTs

Score
10/10
guloadervipkeyloggercollectiondiscoverydownloaderkeyloggerspywarestealer

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      nº 7064-2024.exe

    • Size

      1007KB

    • MD5

      896d5fba336a53de81119d748c423d0d

    • SHA1

      1fe1eb8613bdd029a3d6fef114d6bbcea8c938b4

    • SHA256

      1e91b915d4132fcd5e923a83c6070af72045261fb5cb972f3b4497a4dc8dfcb2

    • SHA512

      8c15bdc196b52ca01994bda11c29925a10373d4b402b55271137fe6f7d37057beccb14d4a9ec9445bfe25f6e820592cc36086b4d3e411248d3a151ce5ca17474

    • SSDEEP

      24576:vHg/r/z2VFQhvni26fI0b6e4BAWMIRdGeBYTw2H2:I/z2VAn6ZUnZSTs

    Score
    10/10
    guloadervipkeyloggerdiscoverydownloaderkeyloggerstealercollectionspyware

    • Guloader family

      guloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

      stealerkeyloggervipkeylogger

    • Vipkeylogger family

      vipkeylogger

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      fccff8cb7a1067e23fd2e2b63971a8e1

    • SHA1

      30e2a9e137c1223a78a0f7b0bf96a1c361976d91

    • SHA256

      6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

    • SHA512

      f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

    • SSDEEP

      192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks