Overview

overview

10

Static

static

3

2024-12-21...ar.exe

windows7-x64

10

2024-12-21...ar.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-12-21_33eec03b8f5fef48079df422fdd0e351_hiddentear

  • Size

    673KB

  • Sample

    241221-bwxs5sypcs

  • MD5

    33eec03b8f5fef48079df422fdd0e351

  • SHA1

    fcefeb1854e2b2db2ab82338e8fadcc5636190b8

  • SHA256

    70b4aca3d25ee89ae7511d1a478237b9d5069697e32291e9fba08faf048af0e1

  • SHA512

    140b19c2b7abc0e14090a7818966ed016eaf1e556574db846f9313bb2496dced09d407d840c5fb1788c0e4222cc3ab695bd11df7a0b3bcc8bf4035fdc8af461b

  • SSDEEP

    12288:kqWhGbN//QrmOT14HVTu5YxUhQzjakG2fC/WlyP3K6ufcFzfd8eVt6j1Zxxxxxxo:VXdOTiVTu5YxUhYjakG2f5l6puWd8kQX

Score
10/10
vipkeyloggercollectiondiscoveryexecutionkeyloggerspywarestealer

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7269639819:AAEhAhUQSG9Gc6LkCmuL5O3qAZPTOuQdnsQ/sendMessage?chat_id=1984778786

Targets

    • Target

      2024-12-21_33eec03b8f5fef48079df422fdd0e351_hiddentear

    • Size

      673KB

    • MD5

      33eec03b8f5fef48079df422fdd0e351

    • SHA1

      fcefeb1854e2b2db2ab82338e8fadcc5636190b8

    • SHA256

      70b4aca3d25ee89ae7511d1a478237b9d5069697e32291e9fba08faf048af0e1

    • SHA512

      140b19c2b7abc0e14090a7818966ed016eaf1e556574db846f9313bb2496dced09d407d840c5fb1788c0e4222cc3ab695bd11df7a0b3bcc8bf4035fdc8af461b

    • SSDEEP

      12288:kqWhGbN//QrmOT14HVTu5YxUhQzjakG2fC/WlyP3K6ufcFzfd8eVt6j1Zxxxxxxo:VXdOTiVTu5YxUhYjakG2f5l6puWd8kQX

    Score
    10/10
    vipkeyloggercollectiondiscoveryexecutionkeyloggerspywarestealer

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

      stealerkeyloggervipkeylogger

    • Vipkeylogger family

      vipkeylogger

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Drops startup file

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks