Overview

overview

10

Static

static

3

6062a99079...a5.exe

windows7-x64

10

6062a99079...a5.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6062a990795f7af3b1199402759b849f50a98bc6702a5b8dd3298bebcca108a5.exe

  • Size

    972KB

  • Sample

    241106-rht34a1jd1

  • MD5

    faaeca52d0c68d9b5574032cd91bacac

  • SHA1

    f26d81b5697b350bc857c0a91d7c2a05d9b8ccf2

  • SHA256

    6062a990795f7af3b1199402759b849f50a98bc6702a5b8dd3298bebcca108a5

  • SHA512

    ddd6e1496b422a59eb9a4c4ae1a98a1cf7978abe741f68264ff1e41aeb66394179eecd0f10479ac74906a62e351f525c8cf644e18f40da6d7cd6140cd17c4cec

  • SSDEEP

    12288:tqiaD9ZddrmFBBYLc1u1rmNa1zF6rWowo3lItWMTCJqCOlQ:RM93ozYLb1CNGcrh9+tW40OO

Score
10/10
vipkeyloggercollectiondiscoverykeyloggerspywarestealer

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      6062a990795f7af3b1199402759b849f50a98bc6702a5b8dd3298bebcca108a5.exe

    • Size

      972KB

    • MD5

      faaeca52d0c68d9b5574032cd91bacac

    • SHA1

      f26d81b5697b350bc857c0a91d7c2a05d9b8ccf2

    • SHA256

      6062a990795f7af3b1199402759b849f50a98bc6702a5b8dd3298bebcca108a5

    • SHA512

      ddd6e1496b422a59eb9a4c4ae1a98a1cf7978abe741f68264ff1e41aeb66394179eecd0f10479ac74906a62e351f525c8cf644e18f40da6d7cd6140cd17c4cec

    • SSDEEP

      12288:tqiaD9ZddrmFBBYLc1u1rmNa1zF6rWowo3lItWMTCJqCOlQ:RM93ozYLb1CNGcrh9+tW40OO

    Score
    10/10
    vipkeyloggerdiscoverykeyloggerstealercollectionspyware

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

      stealerkeyloggervipkeylogger

    • Vipkeylogger family

      vipkeylogger

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      6ad39193ed20078aa1b23c33a1e48859

    • SHA1

      95e70e4f47aa1689cc08afbdaef3ec323b5342fa

    • SHA256

      b9631423a50c666faf2cc6901c5a8d6eb2fecd306fdd2524256b7e2e37b251c2

    • SHA512

      78c89bb8c86f3b68e5314467eca4e8e922d143335081fa66b01d756303e1aec68ed01f4be7098dbe06a789ca32a0f31102f5ba408bc5ab28e61251611bb4f62b

    • SSDEEP

      96:qIsUxO9udx4qYp7AJb76BykUbQMtHUOA5Iv+RnsrqeXV+d1g2IW9t2c+cEwF9Fug:ZVL7ikJb76BQUoUm+RnyXVYO2RvHFug

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks