General

  • Target

    invoice for payment request.pdf.z

  • Size

    503KB

  • Sample

    250220-k8xtca1nht

  • MD5

    793695022c7d04f0cc5fce7757e99745

  • SHA1

    4db54cf90725f053f522cf007a93616313f37e15

  • SHA256

    84dbf1a7bb1aaf5fa8bc981b98e91f904884f967f526eceb2a4ef19aaeee464d

  • SHA512

    4acd7b6a56455c486ab6515d525857218c52afc8a66a1765901be982a04577e10fb085bd3f4509d613edb05ed90fc028babf90da946c0202ec2e27778a2a6eef

  • SSDEEP

    12288:d+vDOAEtBaXdXsgxdx/1KguE27g9JmZO4WJA3UuOP+MUMvG:ya/tBaXdXhxdx/slV8u3Ur+MUMe

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      invoice for payment request.pdf.z

    • Size

      503KB

    • MD5

      793695022c7d04f0cc5fce7757e99745

    • SHA1

      4db54cf90725f053f522cf007a93616313f37e15

    • SHA256

      84dbf1a7bb1aaf5fa8bc981b98e91f904884f967f526eceb2a4ef19aaeee464d

    • SHA512

      4acd7b6a56455c486ab6515d525857218c52afc8a66a1765901be982a04577e10fb085bd3f4509d613edb05ed90fc028babf90da946c0202ec2e27778a2a6eef

    • SSDEEP

      12288:d+vDOAEtBaXdXsgxdx/1KguE27g9JmZO4WJA3UuOP+MUMvG:ya/tBaXdXhxdx/slV8u3Ur+MUMe

    Score
    1/10

    • Target

      invoice for payment request.exe

    • Size

      528KB

    • MD5

      42c6243d19bed300a01fda64e3d16819

    • SHA1

      5dd4196945171a9c4a0d9b8f65070a1289d2a288

    • SHA256

      1a8dd4fa9763e441591d8d927e8f69dc9e5138c62c80c9ff8d5007a1b8b2bef0

    • SHA512

      0551531fb48a0e7097a7a38233c8bf62f6308519912538fd1774e7dd2c07d198c1d7912241749fcb543048a3aa89347911d92db264d74d0c933567617841ce8c

    • SSDEEP

      12288:OquErHF6xC9D6DmR1J98w4oknqOOCyQf66zHERlIf7TcXHN87p7:Drl6kD68JmlotQf6akRlyTcXHq97

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      out.upx

    • Size

      994KB

    • MD5

      dcd91f9fe48b00fc1064652b28c952d3

    • SHA1

      5813bb39a5fcfa3b860589d58fe4574d7a03303e

    • SHA256

      db2c70cd159a6060cc389c0a8d8761b3e248f92fe1ae4eda65cb0c4f8e67d928

    • SHA512

      d05a8aaa8d53ea40325d9c4972c0b541b3d5bfa8d0df8647fee8c949b564ac282fdc0b533e3178e89792f000b16542f4e075240380c8a353bbfdefc21700a35c

    • SSDEEP

      24576:2u6J33O0c+JY5UZ+XC0kGsokhkRlyTcXHq97:Yu0c++OCvkGsXhkTyTEK

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks