General
-
Target
b77de0fb855cd859678fd1d16e03af3114cde9b3f0636d0fb7b9674eae14fd35
-
Size
785KB
-
Sample
241206-yad58stkex
-
MD5
632bb0a566efd66ed7fdb905ea8c9803
-
SHA1
4c3e846fe594e7e10f5ed4f0d0a13de7290b4077
-
SHA256
b77de0fb855cd859678fd1d16e03af3114cde9b3f0636d0fb7b9674eae14fd35
-
SHA512
f525a1a238b3587ccef06f4baaa00bcdef362840ceb22d475c39a4b0d2b6abe1447959d9fe67bad45a082a0faff1c9ab7c8c71902bcd79b9201fb154cd297325
-
SSDEEP
12288:XDGxeWd8KhML5xEfN5JPafaM8czPA2f1gLd1U0jgaTeiZdHawb:W3ddhMLTElzPYaMtzP/9gLdO0VTnH
Static task
static1
Behavioral task
behavioral1
Sample
b77de0fb855cd859678fd1d16e03af3114cde9b3f0636d0fb7b9674eae14fd35.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
b77de0fb855cd859678fd1d16e03af3114cde9b3f0636d0fb7b9674eae14fd35.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7902160942:AAGa4NniMhqzlNHvfBDtJeHrHFJi_wqVTDY/sendMessage?chat_id=7698865320
Targets
-
-
Target
b77de0fb855cd859678fd1d16e03af3114cde9b3f0636d0fb7b9674eae14fd35
-
Size
785KB
-
MD5
632bb0a566efd66ed7fdb905ea8c9803
-
SHA1
4c3e846fe594e7e10f5ed4f0d0a13de7290b4077
-
SHA256
b77de0fb855cd859678fd1d16e03af3114cde9b3f0636d0fb7b9674eae14fd35
-
SHA512
f525a1a238b3587ccef06f4baaa00bcdef362840ceb22d475c39a4b0d2b6abe1447959d9fe67bad45a082a0faff1c9ab7c8c71902bcd79b9201fb154cd297325
-
SSDEEP
12288:XDGxeWd8KhML5xEfN5JPafaM8czPA2f1gLd1U0jgaTeiZdHawb:W3ddhMLTElzPYaMtzP/9gLdO0VTnH
-
Guloader family
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
ee260c45e97b62a5e42f17460d406068
-
SHA1
df35f6300a03c4d3d3bd69752574426296b78695
-
SHA256
e94a1f7bcd7e0d532b660d0af468eb3321536c3efdca265e61f9ec174b1aef27
-
SHA512
a98f350d17c9057f33e5847462a87d59cbf2aaeda7f6299b0d49bb455e484ce4660c12d2eb8c4a0d21df523e729222bbd6c820bf25b081bc7478152515b414b3
-
SSDEEP
192:eF24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol9Sl:h8QIl975eXqlWBrz7YLOl9
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2