General

  • Target: PO202501B.zip
  • Size: 2.6MB
  • Sample: 250215-l8d7nsxrbj
  • MD5: 35b0df25976ae1b2ed2eb64ce4967e09
  • SHA1: 24c06b8a23e0189f57b0df8af06c25374a10c51b
  • SHA256: 58d95f19639cc6d5acb02511b4c9a8fe04ca63d63844b68036dbc0eea4edd453
  • SHA512: 8e4acedcbaebf88e1dd004b4d89f33b9faefe0aec0c09ffe011a0d436ccfa498d8b8d69a5a4cfd1ded5a7a5e7c647d513f05300a05922c74bdaad42e55ea920f
  • SSDEEP: 49152:N01cBpjDsibTtExdGCot6tkm5xBQ/UhXJOhafW5+KhcZxWIu8JIltW1+:NjXjwijCot6tkmq/8JOhafYhSxdu8u

Malware Config

Extracted

  • Family: vipkeylogger

Extracted Credentials

  • Protocol: smtp
  • Host: webmail.tropicnet.com.au
  • Port: 587
  • Username: [email protected]
  • Password: Millymoo!@#

Targets

    • Target: BugSplat64.dll
    • Size: 4.5MB
    • MD5: dbf393cb8382e127c0008d51a135e8b8
    • SHA1: 1c3210ac7e1ca2026b5ab91299e5d7b56813d115
    • SHA256: b611edd23fc7313e409a4538752a6bfd274cc79b4b87a8700c39fbdc223deb87
    • SHA512: 4339fa259ba6a7488af2508968ae8e62cd7c0c9c7d5c7f1022f4e0ca30d87e4ffd78c77b6483a8afd944e7609740ecdc3edc6e698c0ed9bc3412549dc9589cf5
    • SSDEEP: 49152:kRamKgxNsrgLIEdPGU9ZHfh6wZrzj81gRUaGJSA9g+CSIBGKKBUMPmPrbrzme1YL:jmK0srWlhpmSA9g3rrrA

    • VIPKeylogger
      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.
    • Vipkeylogger family
    • Boot or Logon Autostart Execution: Active Setup
      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
    • Downloads MZ/PE file
    • Event Triggered Execution: Component Object Model Hijacking
      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
    • Executes dropped EXE
    • Accesses Microsoft Outlook profiles
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software installed on the system.
    • Installs/modifies Browser Helper Object
      BHOs are DLL modules that act as plugins for Internet Explorer.
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP address.
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext

    • Target: PO202501B.exe
    • Size: 255KB
    • MD5: 2a39ab7049226dec986fa602a26f5372
    • SHA1: f0baf3b4f1dbcc6dd21e6f1279c741c0051c03cc
    • SHA256: ad4cd780bd7accd7482dcf6222910aafee971c7ab870ebae0022d51b237fa5cb
    • SHA512: 5190d06d07b72f8ebaf326b6c0fcd85963afe598be499afee11881905ded944b58829a6ddc85a94f75621e5936496e151a1d8b4b96d12d38148a1f256841dafa
    • SSDEEP: 6144:WIaCAK/UGjgTPD/CRe4GvTS8w9hzc9ap+zGj:hz7KmH9tp1

    • VIPKeylogger
      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.
    • Vipkeylogger family
    • Boot or Logon Autostart Execution: Active Setup
      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
    • Downloads MZ/PE file
    • Event Triggered Execution: Component Object Model Hijacking
      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
    • Executes dropped EXE
    • Accesses Microsoft Outlook profiles
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software installed on the system.
    • Installs/modifies Browser Helper Object
      BHOs are DLL modules that act as plugins for Internet Explorer.
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP address.
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15