Overview

overview

10

Static

static

3

Minty.exe

windows7-x64

7

Minty.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    24022025_1553_24022025_DOC_110012514060712025.PDF.tar

  • Size

    1.1MB

  • Sample

    250224-tbfy1a1ks4

  • MD5

    a9e83745727d1174c6af6fb291d4ecbd

  • SHA1

    57d33e8f1d8afd1b284822d29876618e41d32ca0

  • SHA256

    41ab37eedf4c83f39f446a86e5b68330348de0b23c50e4513b6b5477f02744d1

  • SHA512

    ee0fddf90de5442e3e2f0bb22086959af9e9e55b31b479f09a1a0c490561c27afb07cde0e57c6ca76d191d3896dd9c6a829288987f5b29e54e4ffef30acc898f

  • SSDEEP

    24576:fjl8n94KG/k6Jw4odKq3ry+HNU7OIdzkL:rKnex/kIteKgHNUlV8

Score
10/10
guloadervipkeyloggercollectiondiscoverydownloaderkeyloggerspywarestealer

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7745751910:AAGY46QDCTWO_Pw9iDqZhkNij-i4uwbMgzE/sendMessage?chat_id=7695061973

Targets

    • Target

      Minty.exe

    • Size

      1.1MB

    • MD5

      0655e0d2ba0e2e1c6dff3fc641df6e51

    • SHA1

      a59607c3c85aefe38a9b1120f62cd9068eb40a57

    • SHA256

      86f314ed376d8d0f2b6d6a99cbd54a05d536d13fb76d163243198253b12e5f54

    • SHA512

      b9e9a1d2db29b756d0fa85b01e4af65c53069715ee45d4f83b29f85c06deb946dd00020591d370ac6d6689f6f1f1d5fcb5b524f59f9ef6ad9f4d5a3da85ea7b9

    • SSDEEP

      24576:yjl8n94KG/k6Jw4odKq3ry+HNU7OIdzkLa:mKnex/kIteKgHNUlV8a

    Score
    10/10
    discoveryguloadervipkeyloggercollectiondownloaderkeyloggerspywarestealer

    • Guloader family

      guloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

      stealerkeyloggervipkeylogger

    • Vipkeylogger family

      vipkeylogger

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c61501f07cf09bcfcdfe4cc8a1ebbbe3

    • SHA1

      e8581b4359651b857646ae727efaaef372daa0fc

    • SHA256

      7e75f148920db6300dad5a1c12fd5d6eecc95698a310a01311181bc98a704d55

    • SHA512

      9837abe7ec3fa0f1f5193968d12b7ca1893e34eddf628db1f7ab6715b4de339231f0ec1b5f0f86c767f5a30c40da5c4a95e99deedd22eece93cb0d00539aad24

    • SSDEEP

      192:Kk09rQDenC9VrcK7REgSWOprANupQYLRszDDH/d9CWlXo7U6Wxf:Kk0JQEaVAK7R9SfpjpQYLRszfH/d9CWv

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks