Resubmissions

  • 24/02/2025, 12:08   250224-pa55aa1pw5   10
  • 24/02/2025, 09:40   250224-lnmnbavpt3   10
  • 20/02/2025, 03:42   250220-d9d93awkdk   10

General

  • Target: 9645096bc9e53a83a9aaa69a13c82fea38c8719faf27298afd25892bd9f788ec.rar
  • Size: 3.6MB
  • Sample: 250224-lnmnbavpt3
  • MD5: 8758b53f36c2aea61ac9fd05bd639f2a
  • SHA1: a7e9cf336e16f7305bbc5bb65bc8c292da186a15
  • SHA256: 9645096bc9e53a83a9aaa69a13c82fea38c8719faf27298afd25892bd9f788ec
  • SHA512: cfdd89553b3e670cc2bab45069cab7b2c639996809962b6c1252eb9adda679a91f7f3840ec580159a5eb3890482355426e66d74b3243c99031ee88a1be4cca97
  • SSDEEP: 98304:phWlB/fA5eSshKViWvuKBC2aMsicrcOr4qdVT4zK:pCu5c8cVKBvTcrzVT4zK

Malware Config

Extracted

  • Family: vipkeylogger
  • C2: https://api.telegram.org/bot7518188422:AAHmsiSJGbuq2bkotqlSAYxEVWayoAQB6Rw/sendMessage?chat_id=5210110905

Targets

    • Target: 01NEW_PURCHASE_ORDER_654576554.exe
    • Size: 969KB
    • MD5: f9538485432d3ec640f89096ba2d4d00
    • SHA1: b050b847b1fe8be78d56b29bd23c25e05c227a92
    • SHA256: 5d695d8a0bb1d919cc77a2aa2488a61797bfa065238160278ee458120630aaf9
    • SHA512: ea7aeedd15f4d6a6005f8cfb7d404dfb0c302c837e48de7e3ff44d7d5908f8de6c0a81f736d874a491eddc89fdf753976be6f635e7e8512f5abb7f32caa8cfc5
    • SSDEEP: 24576:oFZAiQHDhht8m7FpUi1L1OXJz5zzz3zzzozzz3zzzNz:CZAiQHlhtz7FpWdwz

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    • Target: libvlc.dll
    • Size: 5.4MB
    • MD5: e339e11223bb5e4ed51e7112dfa617da
    • SHA1: 510687d976c6253cb8b3569d71aaf85a2c69ee70
    • SHA256: eeb4c6dd889c40d8b95ee00f2eff67a5d3e0d4a15034ab97a36662599b2e4f3e
    • SHA512: aad3586e35bda596ccfad245856f5a59467b0a3ecc14ef39bc2dbda4e830038eaf80cacb62cdcf7dccdbc1982f72974ef21553a56f35a940657197655a7c34f2
    • SSDEEP: 49152:zUFv9Z4I+GBdNKgLLkFTaTMXWDIIWVAGe/IBlHelcPJOOr5V3P0jYThYFj52JPwW:omG8W2ZAGe/IBlGcPzi5W6P4a+GLQ1

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    • Target: libvlccore.dll
    • Size: 2.7MB
    • MD5: c62c3ef5753af6e0980f38eebc196b1c
    • SHA1: fd1d62feaaacb7cad5f952b61a6f7bd60d6dc4e1
    • SHA256: 2ddb85b36650f85b5a09724c5b17428b1b1b76bd3e3dd85b643933659d5e333d
    • SHA512: f2338d26b073d8a796a7a19ee290b87b63f30f6cfa62e74d147756d2362898a167784c860d9bc098b1ec1a080aaa0fad25ca8c611b7e8f42ea8195c2b14abdfc
    • SSDEEP: 49152:0F0rn/mnSnjfazU2TGlMo1PBAUZLY6sEZGaXBuQQ9eI:0F07L60PBAUZL3W

    Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks