General

  • Target

    H760 MH POWER TOP DRIVE.zip

  • Size

    574KB

  • Sample

    241128-vna4yszjdn

  • MD5

    163407f02842f691e7e5b1c7335a5e97

  • SHA1

    07eb6c202de76e3d4d4684875f45da2a66c5f385

  • SHA256

    d4a4d474d8913f2120e2a7b1f05991f5fd37e5b50bfe50eaec45b47aefa9bd51

  • SHA512

    58ad9d52f6296eeac43b6231d45c1a09a57993a12300b19db510d8825799f2128c39f9b7223bc8908c446c8f3216d09d667d75a443930d88a1023082b25cea81

  • SSDEEP

    12288:oVKr8utgNzwgWrD9by91uRR08Z5L75y1Anw9nfelccJP/cD:1PQwgWrQ9ALnLQ8w9fu/g

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7567650575:AAHvGGF6TZiX_cMd8iYGZUXmOL-zDO7vZNI/sendMessage?chat_id=7654658491

Targets

    • Target

      H760 MH POWER TOP DRIVE.exe

    • Size

      1001KB

    • MD5

      d92a6a3ee6377f63c6ec95f7efb6da26

    • SHA1

      b137b806e5a64d69e20fff5877a8c1d2fc15d0cb

    • SHA256

      7bc0ac48b0f23d5b80758d2332f57c2bff160f93335ff72e101d0fa2c6914bb6

    • SHA512

      402a036c4f9169641390e938b19887c966bc4a41480e024b93ae3e743a6b1fb7f6e4acb6fd6edb91b6c9154ee53cf5d16b9dc62d7e63efaf521abb09646e8824

    • SSDEEP

      24576:Utb20pkaCqT5TBWgNQ7aq2UShpIFcS6A:9Vg5tQ7aq2phOFX5

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks