Overview

overview

10

Static

static

3

Fra_PS233_...25.exe

windows7-x64

10

Fra_PS233_...25.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    14112024_1602_14112024_Fra_PS233_R3320-4583_377025.iso

  • Size

    1.0MB

  • Sample

    241114-tgvdksvkhk

  • MD5

    efec9fa32f57a29eeb6dcb020c5035b3

  • SHA1

    f1c234df6b304ca2addccc35c9a54cbd93a04dda

  • SHA256

    b3e618e03a6a13a384e51f7056adfee8ff2cd040d1fb91b3890ddf494409454b

  • SHA512

    93ad300199637cdce7cffceb643f9cb834d4683fc8c2fb1f12c6555e45f58d04b9b2c096c2f03ed50cc21f29dea146de6efe7ebb5c111c2c09d68f1d0fc3044b

  • SSDEEP

    12288:/toNXswQNVrXbT6pzkWv4+RUezMpbbH8IO61Y:+dYLrf6pzkWv4+Rk8g

Score
10/10
guloadervipkeyloggercollectiondiscoverydownloaderkeyloggerspywarestealer

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7807279596:AAEZM1QwkCh738-y0Qmnc3ubaoLMl6bUCVw/sendMessage?chat_id=7267131103

Targets

    • Target

      Fra_PS233_R3320-4583_377025.exe

    • Size

      507KB

    • MD5

      145143dc8846d313c2c9b1de1ef2aa35

    • SHA1

      e62adeac996f740de7507fc8f3812974f399b5bc

    • SHA256

      22e815bd29c2eaa9fde1fa988a67d39aaa0402f9a9a4756af56dbc86cb8dba95

    • SHA512

      ff09268bb40304c04799f2df42e55cf0928a03ed83c3a17aec9f2ec0cbf2d71ebbfb17d8cd53c4fb119d5a1b4a35837ffccc680816862b9b40e700e14f87d30c

    • SSDEEP

      12288:7toNXswQNVrXbT6pzkWv4+RUezMpbbH8IO61Y:idYLrf6pzkWv4+Rk8g

    Score
    10/10
    guloadervipkeyloggerdiscoverydownloaderkeyloggerstealercollectionspyware

    • Guloader family

      guloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

      stealerkeyloggervipkeylogger

    • Vipkeylogger family

      vipkeylogger

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      ca332bb753b0775d5e806e236ddcec55

    • SHA1

      f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

    • SHA256

      df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

    • SHA512

      2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

    • SSDEEP

      192:eo24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol6Sl:k8QIl975eXqlWBrz7YLOl6

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks