Resubmissions

  • 12-02-2025 16:16  250212-tq57fayqdt  8
  • 12-02-2025 16:13  250212-tn47csypev  10

General

  • Target: 12022025_1602_12022025_Transferencia4317370002017852.rar
  • Size: 1017KB
  • Sample: 250212-tn47csypev
  • MD5: 3e85069fce15834fe404ea58a59b6337
  • SHA1: 02dd394a5fefd362fe398491870eb9a4980d9509
  • SHA256: 49b6973ae56537c834f62dd29538ac6a93c6feeeaba906278bb68f12737393ed
  • SHA512: a6e0e16817b97022109da73e2999bea3ed30bae48d39587f8d1802f894433afe63a69f5338986a0ba7ed543e6a4cbf363174fa0d32fbce0f77da6c24a2eb1e5f
  • SSDEEP: 24576:8p2RlP8NfPO7VUaqZavx0/gsTbb3kJdP/giGmoqqkZN3QM:80RlP0OhUaqZa+gMbb30dP/giGmZqSx

Malware Config

Extracted

  • Family: vipkeylogger
  • C2: https://api.telegram.org/bot7809339088:AAEUtMa_u0dd_zBfAWh2Ah2az4h6hNs_Wg0/sendMessage?chat_id=7618581100

Targets

    • Target: Transferencia 4317370002017852.exe
    • Size: 1.1MB
    • MD5: 54ee3977812710943555e77ef86a3178
    • SHA1: a0b48ae44c3254d1062f46832864991be1455004
    • SHA256: 4817f4d4708fb98f4791dedf21a3f5f91999d7673c770b67b4623529ee38991e
    • SHA512: 5927f3b54685f06ade880d60168a37be4c176eeab8c7227eac713f06a32a50c12451e3898cc71716bc8e0ee984ac320bbceb11828cab50e5311e7da3f4969704
    • SSDEEP: 24576:AV8oTYGdF+pkoEwbfqiPACOedfHYNXNHA60:AV8jpko9/ACOdHAZ

    • Guloader family

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Vipkeylogger family

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target: $PLUGINSDIR/System.dll
    • Size: 11KB
    • MD5: 34442e1e0c2870341df55e1b7b3cccdc
    • SHA1: 99b2fa21aead4b6ccd8ff2f6d3d3453a51d9c70c
    • SHA256: 269d232712c86983336badb40b9e55e80052d8389ed095ebf9214964d43b6bb1
    • SHA512: 4a8c57fb12997438b488b862f3fc9dc0f236e07bb47b2bce6053dcb03ac7ad171842f02ac749f02dda4719c681d186330524cd2953d33cb50854844e74b33d51
    • SSDEEP: 192:jPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4I:u7VpNo8gmOyRsVc4

    Score: 8/10

    • Downloads MZ/PE file

MITRE ATT&CK Enterprise v15

Tasks