Overview

overview

10

Static

static

3

Justifican...45.exe

windows7-x64

10

Justifican...45.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    20f5dea8f36806667407aaf7266e08c0f31b8b9e6516cc4e22c8e86e9295fbf5.rar

  • Size

    943KB

  • Sample

    250218-cv1zvawkes

  • MD5

    a722f5b58a415dc46c4067cd647443ce

  • SHA1

    b057c34b9abe3744227bef90a5c5ffa60a7dd0c8

  • SHA256

    20f5dea8f36806667407aaf7266e08c0f31b8b9e6516cc4e22c8e86e9295fbf5

  • SHA512

    c569b08fe81b2505e00378c0aa8397230cc5dba5632a9b44fa8b480fbd7084ac5f46fc43cff5d0c84b39b1c714f3815c4a33b724737f006bcd3ebec30a5ff485

  • SSDEEP

    24576:rywZUPTxvjVJ9K/pDHeesko8efDpf0SCrxBGP:rywZUPVrVJcV+eaFfDpM3PGP

Score
10/10
guloadervipkeyloggercollectiondiscoverydownloaderkeyloggerspywarestealer

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7809339088:AAEUtMa_u0dd_zBfAWh2Ah2az4h6hNs_Wg0/sendMessage?chat_id=7618581100

Targets

    • Target

      Justificante67ab404ffe6734b359e00a499e6589043545.exe

    • Size

      1001KB

    • MD5

      96bc48e7cc38d731e7e2c25f3f80a88e

    • SHA1

      bd30afd2f438928b3cb98d9f74766f1e401db091

    • SHA256

      79714172680d9fd5b1d49fc518abe9cef9200194a04b6611466beccb28c31728

    • SHA512

      7d71064359f17cae6128db87fdc9a743368b441310d5118734e0ba2a44f5673aeb0f93ea129faa51c6f61f36f135a38f2d90dc550708e87bec67131e4011f908

    • SSDEEP

      24576:IGLEfEEQyQpBGB59WIMJfEKwqQnc9V4+QA3plULISW1D:1+3isWppTBEk3AAD

    Score
    10/10
    guloadervipkeyloggerdiscoverydownloaderkeyloggerstealercollectionspyware

    • Guloader family

      guloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

      stealerkeyloggervipkeylogger

    • Vipkeylogger family

      vipkeylogger

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      b853d5d2361ade731e33e882707efc34

    • SHA1

      c58b1aeabdf1cbb8334ef8797e7aceaa7a1cb6be

    • SHA256

      f0cd96e0b6e40f92ad1aa0efacde833bae807b92fca19bf062c1cf8acf29484b

    • SHA512

      8ea31d82ffa6f58dab5632fe72690d3a6db0be65aec85fc8a1f71626773c0974dcebefae17bcf67c4c56ef442545e985eea0b348ff6e4fc36740640092b08d69

    • SSDEEP

      192:eA2HS+ihg200uWz947Wzvxu6v0MI7JOde+Ij5Z77dslFsEf:mS62Gw947ExuGDI7J8EF7KIE

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks