General
-
Target
93cd630026182d693fec819abe05948efd94f9249ba58ed590055473e9e951ef
-
Size
829KB
-
Sample
241113-nt9q5s1gkj
-
MD5
d9aeb1e99a348859d87a8fc58a3c6147
-
SHA1
d568677a26342609a0ca75d9a03b4f5123c505a1
-
SHA256
93cd630026182d693fec819abe05948efd94f9249ba58ed590055473e9e951ef
-
SHA512
81218882e7a7fec98fbe99ba445ba15ba73f5320e9b5c0fcd3634af69a1d4e90df5ee1b72997ef93bc9c5adefc7113e2e6f5909c53363a7abf5b15b7d03389bd
-
SSDEEP
24576:rbDc7+iLqgCBLqNATwJe9YESd4+/dD+lK:rbDceDLOSBdSd4XI
Static task
static1
Behavioral task
behavioral1
Sample
93cd630026182d693fec819abe05948efd94f9249ba58ed590055473e9e951ef.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
93cd630026182d693fec819abe05948efd94f9249ba58ed590055473e9e951ef.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20241023-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7807279596:AAEZM1QwkCh738-y0Qmnc3ubaoLMl6bUCVw/sendMessage?chat_id=7267131103
Targets
-
-
Target
93cd630026182d693fec819abe05948efd94f9249ba58ed590055473e9e951ef
-
Size
829KB
-
MD5
d9aeb1e99a348859d87a8fc58a3c6147
-
SHA1
d568677a26342609a0ca75d9a03b4f5123c505a1
-
SHA256
93cd630026182d693fec819abe05948efd94f9249ba58ed590055473e9e951ef
-
SHA512
81218882e7a7fec98fbe99ba445ba15ba73f5320e9b5c0fcd3634af69a1d4e90df5ee1b72997ef93bc9c5adefc7113e2e6f5909c53363a7abf5b15b7d03389bd
-
SSDEEP
24576:rbDc7+iLqgCBLqNATwJe9YESd4+/dD+lK:rbDceDLOSBdSd4XI
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
7399323923e3946fe9140132ac388132
-
SHA1
728257d06c452449b1241769b459f091aabcffc5
-
SHA256
5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3
-
SHA512
d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1
-
SSDEEP
192:eF2HS5ih/7i00dWz9T7PH6lOFcQMI5+Vw+bPFomi7dJWsP:rSUmlw9T7DmnI5+N273FP
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2