General

  • Target

    2024-12-19_d4539ea8b3689c0ac5a29bab586e6e5e_hiddentear

  • Size

    673KB

  • Sample

    241219-f84vfazrdv

  • MD5

    d4539ea8b3689c0ac5a29bab586e6e5e

  • SHA1

    58ec88f92ca5aa9d831a3ebc44de2c7342ecd695

  • SHA256

    44a782c64fd57204e1c120a41ff620c28695edd03890c4e615503c044079720a

  • SHA512

    682143a973b491353de78f9df22f4ee342332547041c52602f3c5c77cfba840d4842a9b4780aef6c3f08541a35b65158f4b128303d71527e4578c015f8ca1d12

  • SSDEEP

    12288:HTYZll4HvBGpLkYYiUBfei3+/CKxaQ4o7YW+IMHeke6zp7Su8dAA:HTvPBGBZYbfRObieke6zpkA

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7269639819:AAEhAhUQSG9Gc6LkCmuL5O3qAZPTOuQdnsQ/sendMessage?chat_id=1984778786

Targets

    • Target

      2024-12-19_d4539ea8b3689c0ac5a29bab586e6e5e_hiddentear

    • Size

      673KB

    • MD5

      d4539ea8b3689c0ac5a29bab586e6e5e

    • SHA1

      58ec88f92ca5aa9d831a3ebc44de2c7342ecd695

    • SHA256

      44a782c64fd57204e1c120a41ff620c28695edd03890c4e615503c044079720a

    • SHA512

      682143a973b491353de78f9df22f4ee342332547041c52602f3c5c77cfba840d4842a9b4780aef6c3f08541a35b65158f4b128303d71527e4578c015f8ca1d12

    • SSDEEP

      12288:HTYZll4HvBGpLkYYiUBfei3+/CKxaQ4o7YW+IMHeke6zp7Su8dAA:HTvPBGBZYbfRObieke6zpkA

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Drops startup file

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks