Overview

overview

10

Static

static

3

confirmaci...go.exe

windows7-x64

7

confirmaci...go.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    confirmación de pago.exe

  • Size

    1.1MB

  • Sample

    250225-myfhestrw8

  • MD5

    fa7328d8646b5f0f829738e14610f257

  • SHA1

    4def8c21df1481145724218ca182d69dfcd60fe7

  • SHA256

    4648996757958c60d49d829678d146b903a5c93ba3aaecddf4aed15af02041cc

  • SHA512

    a880b44e7777dcf2abdd456568ccebff925260c76daf782a80393ec771381246964baea0142fdb160684e0aa2d426ac37941dc4689955eceb959f842f20568f3

  • SSDEEP

    24576:xjlO4f0OMTtAkg7AecFq3ry+HNU7OIdzkL3:xMQ0ftAr7BcFgHNUlV83

Score
10/10
guloadervipkeyloggercollectiondiscoverydownloaderkeyloggerspywarestealer

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7040312407:AAFWVlSIzsmV7GmLpQj1tUsYJkbKZM5-bUU/sendMessage?chat_id=7763958191

Targets

    • Target

      confirmación de pago.exe

    • Size

      1.1MB

    • MD5

      fa7328d8646b5f0f829738e14610f257

    • SHA1

      4def8c21df1481145724218ca182d69dfcd60fe7

    • SHA256

      4648996757958c60d49d829678d146b903a5c93ba3aaecddf4aed15af02041cc

    • SHA512

      a880b44e7777dcf2abdd456568ccebff925260c76daf782a80393ec771381246964baea0142fdb160684e0aa2d426ac37941dc4689955eceb959f842f20568f3

    • SSDEEP

      24576:xjlO4f0OMTtAkg7AecFq3ry+HNU7OIdzkL3:xMQ0ftAr7BcFgHNUlV83

    Score
    10/10
    discoveryguloadervipkeyloggercollectiondownloaderkeyloggerspywarestealer

    • Guloader family

      guloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

      stealerkeyloggervipkeylogger

    • Vipkeylogger family

      vipkeylogger

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c61501f07cf09bcfcdfe4cc8a1ebbbe3

    • SHA1

      e8581b4359651b857646ae727efaaef372daa0fc

    • SHA256

      7e75f148920db6300dad5a1c12fd5d6eecc95698a310a01311181bc98a704d55

    • SHA512

      9837abe7ec3fa0f1f5193968d12b7ca1893e34eddf628db1f7ab6715b4de339231f0ec1b5f0f86c767f5a30c40da5c4a95e99deedd22eece93cb0d00539aad24

    • SSDEEP

      192:Kk09rQDenC9VrcK7REgSWOprANupQYLRszDDH/d9CWlXo7U6Wxf:Kk0JQEaVAK7R9SfpjpQYLRszfH/d9CWv

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks