General

  • Target

    93cd630026182d693fec819abe05948efd94f9249ba58ed590055473e9e951ef.exe

  • Size

    829KB

  • Sample

    241112-c6kr1asjhy

  • MD5

    d9aeb1e99a348859d87a8fc58a3c6147

  • SHA1

    d568677a26342609a0ca75d9a03b4f5123c505a1

  • SHA256

    93cd630026182d693fec819abe05948efd94f9249ba58ed590055473e9e951ef

  • SHA512

    81218882e7a7fec98fbe99ba445ba15ba73f5320e9b5c0fcd3634af69a1d4e90df5ee1b72997ef93bc9c5adefc7113e2e6f5909c53363a7abf5b15b7d03389bd

  • SSDEEP

    24576:rbDc7+iLqgCBLqNATwJe9YESd4+/dD+lK:rbDceDLOSBdSd4XI

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7807279596:AAEZM1QwkCh738-y0Qmnc3ubaoLMl6bUCVw/sendMessage?chat_id=7267131103

Targets

    • Target

      93cd630026182d693fec819abe05948efd94f9249ba58ed590055473e9e951ef.exe

    • Size

      829KB

    • MD5

      d9aeb1e99a348859d87a8fc58a3c6147

    • SHA1

      d568677a26342609a0ca75d9a03b4f5123c505a1

    • SHA256

      93cd630026182d693fec819abe05948efd94f9249ba58ed590055473e9e951ef

    • SHA512

      81218882e7a7fec98fbe99ba445ba15ba73f5320e9b5c0fcd3634af69a1d4e90df5ee1b72997ef93bc9c5adefc7113e2e6f5909c53363a7abf5b15b7d03389bd

    • SSDEEP

      24576:rbDc7+iLqgCBLqNATwJe9YESd4+/dD+lK:rbDceDLOSBdSd4XI

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Vipkeylogger family

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      7399323923e3946fe9140132ac388132

    • SHA1

      728257d06c452449b1241769b459f091aabcffc5

    • SHA256

      5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3

    • SHA512

      d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1

    • SSDEEP

      192:eF2HS5ih/7i00dWz9T7PH6lOFcQMI5+Vw+bPFomi7dJWsP:rSUmlw9T7DmnI5+N273FP

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks