Overview

overview

10

Static

static

3

Factura 1-000122.exe

windows7-x64

7

Factura 1-000122.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    nFactura_1-000122.tar

  • Size

    672KB

  • Sample

    250220-tznnra1kx9

  • MD5

    dae1b47a897d658de5d9d6405cab0d2a

  • SHA1

    6c4ef35d3ad9557681454408662d047b0ef5f0fc

  • SHA256

    509b443e6b1855ea091674d7d8cb9df45673d0d7ec019d399f0386cf86b3f846

  • SHA512

    6c10d9ee08198aaf9817244c9e2e9429111ea9fb3b0727f4f9081035cac1cc51753872cd869d0fb38aaa24d62373c0f2f3fdd2f56ec2dda4575dc08af9ec8c25

  • SSDEEP

    12288:+a/AcZ6qJ2s1+pBOi2f0yU0VhlhU4tG/U2XdgjPEmADNA0EpphZNG2:+4Z6SQB5qnrD2/ijsmY0

Score
10/10
guloadervipkeyloggercollectiondiscoverydownloaderkeyloggerspywarestealer

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7040312407:AAFWVlSIzsmV7GmLpQj1tUsYJkbKZM5-bUU/sendMessage?chat_id=7763958191

Targets

    • Target

      Factura 1-000122.exe

    • Size

      670KB

    • MD5

      67fd23f749d746da7fe2093aca29ed51

    • SHA1

      58a8e61356d69b5388357c4d40276ebc0f5be7f5

    • SHA256

      4aa360e16b659d45873d003f06f34ba82af7966b068a22f2fba2acdb83fb01b6

    • SHA512

      f0ae9cbbe2fbab3cce379d86b40567e3517598734f3cfd51a5d6a61bbab674d9f594c3af4b9b335a03308cfeb414dd7455628389908bf2dbc72890ea76debfbe

    • SSDEEP

      12288:Xa/AcZ6qJ2s1+pBOi2f0yU0VhlhU4tG/U2XdgjPEmADNA0EpphZNG26:X4Z6SQB5qnrD2/ijsmY06

    Score
    10/10
    discoveryguloadervipkeyloggercollectiondownloaderkeyloggerspywarestealer

    • Guloader family

      guloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

      stealerkeyloggervipkeylogger

    • Vipkeylogger family

      vipkeylogger

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks