General

  • Target

    Pedido de Cotação-24110004_Pdf.vbs

  • Size

    25KB

  • Sample

    241104-sklp6s1hna

  • MD5

    b64fdcb2377a382cb42e87217d6ee517

  • SHA1

    739db4a77791bfbec0cf5be586a9a53d869c01ee

  • SHA256

    7be994f97359581ce590cdfea2f2a5e60a07d198a17aaa46b551c77e977587bc

  • SHA512

    7df115f1b9909e7dec4a528cb9ad0e88d2a23c258b58812e45eb15cbed3500ecba92c705067066c34d1b2675c57138e11910a2b774cd2f99689bdf5c42e15c59

  • SSDEEP

    384:EBbHfbnj8UeHqUxbHRlCiJshjpj6eSQBTYTw9jMehg:EB78UlUNGPh1WeTBTcw9jMz

Malware Config

Extracted

  • Family

    vipkeylogger

  • Credentials

Targets

    • Target

      Pedido de Cotação-24110004_Pdf.vbs

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it closely resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely used as a geofence to decide whether to run on this host.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Service Discovery

      Attempts to gather information about the host's network.

    • Suspicious use of NtCreateThreadExHideFromDebugger

      Creates a thread with the hide-from-debugger flag, so an attached debugger receives no events for that thread (anti-debugging).

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Sets ThreadHideFromDebugger on an existing thread via NtSetInformationThread, detaching it from debugger notifications (anti-debugging).
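
A hunt for the two network behaviours flagged above (a blocklisted process making network requests, and an external-IP lookup through a legitimate web service), as an added example that is not part of the sandbox report: it classifies Sysmon-style DNS query events (Event ID 22) and flags any Windows script host resolving a name, rating the query higher when the name is a public "what is my IP" service. The report names neither the lookup service nor the requesting process; the host list below is an assumption, wscript.exe is assumed because the sample is a .vbs, and the JSON log lines are constructed.

```python
"""Flag script hosts doing DNS lookups, especially to external-IP services.

Added example, not code from the sandbox report. Input is Sysmon-like JSON
lines; the service list and the sample events are assumptions/constructed.
"""
import json
import ntpath
from dataclasses import dataclass
from typing import List, Optional

# Assumed list of well-known public IP-lookup services. The report only says a
# legitimate IP lookup service was used, without naming it.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "ip-api.com",
    "icanhazip.com", "ipinfo.io", "checkip.amazonaws.com",
}

# Windows script hosts that rarely have a legitimate reason to resolve
# external names on a workstation; a .vbs sample runs under wscript/cscript.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}


@dataclass(frozen=True)
class Finding:
    pid: int
    image: str
    query: str
    severity: str


def classify(event: dict) -> Optional[Finding]:
    """Return a Finding for a Sysmon Event ID 22 record, or None if benign."""
    if event.get("EventID") != 22:
        return None
    # ntpath handles Windows paths on any platform the hunt runs on.
    image = ntpath.basename(event.get("Image", "")).lower()
    query = event.get("QueryName", "").lower()
    if image not in SCRIPT_HOSTS:
        return None
    # Any DNS query from a script host is worth a look; a query to an
    # external-IP service matches the report's behaviour and is rated higher.
    severity = "high" if query in IP_LOOKUP_HOSTS else "medium"
    return Finding(int(event["ProcessId"]), image, query, severity)


def hunt(jsonl: str) -> List[Finding]:
    """Run classify() over every non-empty JSON line and collect findings."""
    findings: List[Finding] = []
    for raw in jsonl.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        finding = classify(json.loads(raw))
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample telemetry (not from the sandbox run). The firefox.exe
# lookup is deliberately left alone: browsers resolving such names is common.
SAMPLE_LOG = r"""
{"EventID": 22, "ProcessId": 4120, "Image": "C:\\Windows\\System32\\wscript.exe", "QueryName": "api.ipify.org"}
{"EventID": 22, "ProcessId": 2288, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "QueryName": "api.ipify.org"}
{"EventID": 22, "ProcessId": 4120, "Image": "C:\\Windows\\System32\\wscript.exe", "QueryName": "cdn.example.net"}
{"EventID": 1, "ProcessId": 4120, "Image": "C:\\Windows\\System32\\wscript.exe", "CommandLine": "wscript.exe Pedido.vbs"}
"""

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"[{f.severity}] pid={f.pid} {f.image} -> {f.query}")
```

The medium-severity catch-all matters in practice: the IP-lookup service is the report's observed behaviour, but a script host resolving any external name is the broader signal, and the C2 host ("legitimate hosting services abused") will not be on any IP-lookup list.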

MITRE ATT&CK Enterprise v15

Tasks