General

  • Target

    2d3d809456f1b8181541bafb523c4ec83b4c4a4183378da9d9bd7b8d23aa79aa

  • Size

    657KB

  • Sample

    241106-rvs2ka1lgw

  • MD5

    8b1f6297418f5bf0ac5aadee8483365a

  • SHA1

    19c4af87dce3d41ee970c205f49c34e05610dedd

  • SHA256

    2d3d809456f1b8181541bafb523c4ec83b4c4a4183378da9d9bd7b8d23aa79aa

  • SHA512

    202ec5769889bc9618498e6a64d59b0ef0a66e3fec75652fe2b9a0db70bc11e276631f1dc7f2237103db955ce6a1b106732335bb9bfa4ed0086b345d6066593d

  • SSDEEP

    12288:v486zV9AmtTec4Hd69GRs5ljIW0ep9Rr2M/iTGYqWofv1zSFXMhuV+7+bp:v16zDADsuklECyCiuW095ugcp

Malware Config

Extracted

  • Family

    vipkeylogger

  • Credentials

Targets

    • Target

      2d3d809456f1b8181541bafb523c4ec83b4c4a4183378da9d9bd7b8d23aa79aa

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Accesses Microsoft Outlook profiles

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      otherworldly.Kas

    • Size

      54KB

    • MD5

      df1cc5262f98c2cf7f51cc5ed85528d7

    • SHA1

      3d9b2293d194ce127b040b28099591b197b18978

    • SHA256

      c547c1878b7c38fddc357939a52c840910f36b31c6a720af9a125c91eaaed735

    • SHA512

      8612721272dc45dc7b3ddad450ac8f66c48a458d249ff0c1adc5582f10daa644a05511c4837931490677c7c6b9d495d905bc610e4abd62b97c083804747c6b82

    • SSDEEP

      768:OvKcT9rR6ufYsYkYSow0DzhWYeTAISjcrQ6GXtvyRmVM7OgiQcfXkZOE4WD9ivaJ:OvhT9l63xrXV5gAP/xbVM7uOOI99

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15