General

  • Target

    Certificates 01-30-2025.rar

  • Size

    1.2MB

  • Sample

    250131-hlw77a1ngn

  • MD5

    000554f662b4d9ad37374642e1ae4d80

  • SHA1

    ea27908baf83352b3ccc17aaafe5eccfec4f752a

  • SHA256

    4e6b4a6b0f88369b10ab84afe4529ea7b4784707b3b5caa882e41050abbc6549

  • SHA512

    e0f5344bc740f08a8d85ea3fc141bc3e5cdbc80a74182f0d50fa33b9dfe895902a564027d80f70d66a093583444ecefcd72c9347483914b177b6e0d2347bca60

  • SSDEEP

    24576:igNajc9+8SG1xa9Ak0kM3YbevY8PAdC+k6I2uJquUFW7GOQFF2Px7D:zNajc9+TMa6bYb0YqATk6VuqWqOL57D

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7965348925:AAGe8wdrvk9A3lxr1GIjGigodJ_zZ7prhfs/sendMessage?chat_id=6848903538

Targets

    • Target

      723-130-2025.exe

    • Size

      1.1MB

    • MD5

      1cf5ecd1b8b508ae3c6a04a3341439f3

    • SHA1

      e97b3bb75997b8faa8d54975e8dec5b3cd0f3a71

    • SHA256

      a82f8608d3e988686365f5a95c721ed3669a088b4f48181cac546e85a1c81104

    • SHA512

      e676a40018ba9e46290c6b15cbe444ec966467a531e2cc3a65939fa36d90c467f22a6baa5277443ce314e1f663d937519a26574f4920850663c67a539f4832a4

    • SSDEEP

      24576:mAHnh+eWsN3skA4RV1Hom2KXFmIaQhxZhzOq3Q5:Bh+ZkldoPK1XaQhxZtJm

    • Score

      7/10

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      724-130-2025.exe

    • Size

      1.0MB

    • MD5

      bc0f2d5c7dbef53ed808837aab2855bc

    • SHA1

      98ffde785bd487745dc3f2fc541a86ede25518bf

    • SHA256

      ec1b776abc39b4aa04715898f4f87054d73c9f6b186151390d7c16da234dae43

    • SHA512

      e635e33d6eb8ddab90d1f13c28ab6ff8ecf3e807735e6af1ca280fd542d92c99fff5e22d155c7306987c148d402c89b1359ef19029466a99ef10fa36e741ea4d

    • SSDEEP

      24576:kAHnh+eWsN3skA4RV1Hom2KXFmIa7ll+AzDgWXH4VYHMmV5:zh+ZkldoPK1Xa7l0AvvXet4

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks