General

  • Target

    PONO-PO000309.zip

  • Size

    580KB

  • Sample

    250130-s85g7avqg1

  • MD5

    dd6d3ff2b8b93dc12e6b8007b60a292a

  • SHA1

    e23f18ba3c11ae1a577ae74d9a12f64e1978ffe6

  • SHA256

    f4ba18b88f41b49aa7dc8c05581448343ab2dc4cac79651c1262514e1b7a1a2a

  • SHA512

    3db671676d6c47eb48efce297495057293a962cf9e0d2fed01b19fe7ee36e10a0778f3eb426aa36ad1799859538666fefa5c323b9629924bb503ba671b459d96

  • SSDEEP

    12288:sQKzm2LZ4z7NxU9Y8QgZH7XKt9FX5a3XKGmX9EXUkguXIuqB96:CUNSY8QOHjKN5+XBhGuYuqa

Malware Config

Extracted

  • Family

    vipkeylogger

  • Credentials

Targets

    • Target

      PO NO-PO000309.exe

    • Size

      1004KB

    • MD5

      ba35d2938edbd08e3bee99a3f0342ecf

    • SHA1

      c7bb7862db05dd181a6d0df1c6cf85333cf9606e

    • SHA256

      35c15f0e2e558228afbff51b637bfd6e206c0d388a9296590b08d0b64bc6297a

    • SHA512

      a600b0af55fc26adb07b1c1dfa69c719a519a97146651a8e2fa8e96c4d77fd2babc15d0f2f95bedca6351f5afbe5d75b4feb3a2aeb979f24cda31a63d4a71558

    • SSDEEP

      24576:VAHnh+eWsN3skA4RV1Hom2KXFmIaoiQtWUNTC5:Eh+ZkldoPK1XaoicLk

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it closely resembles SnakeKeylogger, which was first observed in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
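The report lists four cryptographic digests for both the delivery archive and the executable it drops. As an added example (this is not code from the sandbox report or from the malware author), the Python below turns those listed hashes into a small IOC matcher: it streams a file through all four hashers in one pass, and it can also check a digest pulled from a mail-gateway, EDR or SIEM log without re-hashing anything. The only inputs it embeds are the hashes printed above; the byte strings used in the usage section are constructed for illustration. SSDEEP is left out on purpose, since fuzzy matching needs the external ssdeep library and a similarity threshold rather than an equality check.

```python
import hashlib
from typing import Dict, Optional, Tuple

# Hash indicators copied from the report above: the archive that was submitted
# and the executable extracted from it. Keys are the artifact names as listed.
IOCS: Dict[str, Dict[str, str]] = {
    "PONO-PO000309.zip": {
        "md5": "dd6d3ff2b8b93dc12e6b8007b60a292a",
        "sha1": "e23f18ba3c11ae1a577ae74d9a12f64e1978ffe6",
        "sha256": "f4ba18b88f41b49aa7dc8c05581448343ab2dc4cac79651c1262514e1b7a1a2a",
        "sha512": "3db671676d6c47eb48efce297495057293a962cf9e0d2fed01b19fe7ee36e10a"
                  "0778f3eb426aa36ad1799859538666fefa5c323b9629924bb503ba671b459d96",
    },
    "PO NO-PO000309.exe": {
        "md5": "ba35d2938edbd08e3bee99a3f0342ecf",
        "sha1": "c7bb7862db05dd181a6d0df1c6cf85333cf9606e",
        "sha256": "35c15f0e2e558228afbff51b637bfd6e206c0d388a9296590b08d0b64bc6297a",
        "sha512": "a600b0af55fc26adb07b1c1dfa69c719a519a97146651a8e2fa8e96c4d77fd2b"
                  "abc15d0f2f95bedca6351f5afbe5d75b4feb3a2aeb979f24cda31a63d4a71558",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Reverse index: lower-case hex digest -> (artifact name, algorithm). This lets a
# digest copied from a log be checked directly, whatever algorithm produced it.
HASH_INDEX: Dict[str, Tuple[str, str]] = {
    digest.lower(): (target, algo)
    for target, digests in IOCS.items()
    for algo, digest in digests.items()
}


def _new_hashers() -> Dict[str, "hashlib._Hash"]:
    return {algo: hashlib.new(algo) for algo in ALGORITHMS}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute all four digests of an in-memory blob in a single pass."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through the hashers so large attachments are not read into memory at once."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def lookup_hash(digest: str) -> Optional[Tuple[str, str]]:
    """Return (artifact, algorithm) for a known digest, or None. Case and whitespace are normalised."""
    return HASH_INDEX.get(digest.strip().lower())


def match_bytes(data: bytes) -> Optional[str]:
    """Hash a blob and name the report artifact it corresponds to, if any."""
    for digest in hash_bytes(data).values():
        hit = lookup_hash(digest)
        if hit is not None:
            return hit[0]
    return None


def match_file(path: str) -> Optional[str]:
    """Same as match_bytes, but streamed from disk."""
    for digest in hash_file(path).values():
        hit = lookup_hash(digest)
        if hit is not None:
            return hit[0]
    return None


if __name__ == "__main__":
    import sys

    # Usage: python ioc_match.py <file> [<file> ...]
    for path in sys.argv[1:]:
        hit = match_file(path)
        print(f"{path}: {'MATCH ' + hit if hit else 'no match'}")

    # Constructed demonstration input (not a real sample): must not match.
    assert match_bytes(b"constructed benign bytes") is None
```

A digest pasted from a log is matched by lookup_hash regardless of case, so an upper-case MD5 from a Windows tool still resolves to the archive. Because hashlib.new("md5") can raise on hosts running in FIPS mode, wrap the hasher construction in a try/except and drop MD5 from ALGORITHMS if that applies to your environment.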
