Overview

overview

10

Static

static

3

212a64eefc...84.exe

windows7-x64

10

212a64eefc...84.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    212a64eefc140fd406653b68255c01ffb54b1827f226f63ce4f2b299aa290584.exe

  • Size

    675KB

  • Sample

    250227-c3fnwasnv5

  • MD5

    40ea152d46891890e84019097ef450bb

  • SHA1

    ea96638903559200bc5cb6a710093ed941b9861b

  • SHA256

    212a64eefc140fd406653b68255c01ffb54b1827f226f63ce4f2b299aa290584

  • SHA512

    0f9dfb1039cfe095372d98b8051d8207e3babd7ae43efcac1b3768aa1543505fe8fed56aacd26ecce6363cf253757406ec995acf36b89672606719951e966c90

  • SSDEEP

    12288:1Lv8YOVVJXivisIFOqClcyYN6T65erLydvkytb0OmL2H8tEB2Ly9:1Lv8bDJMvVlc9NC6A/6vkZOmq8KALM

Score
10/10
guloadervipkeyloggercollectiondiscoverydownloaderkeyloggerspywarestealer

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      212a64eefc140fd406653b68255c01ffb54b1827f226f63ce4f2b299aa290584.exe

    • Size

      675KB

    • MD5

      40ea152d46891890e84019097ef450bb

    • SHA1

      ea96638903559200bc5cb6a710093ed941b9861b

    • SHA256

      212a64eefc140fd406653b68255c01ffb54b1827f226f63ce4f2b299aa290584

    • SHA512

      0f9dfb1039cfe095372d98b8051d8207e3babd7ae43efcac1b3768aa1543505fe8fed56aacd26ecce6363cf253757406ec995acf36b89672606719951e966c90

    • SSDEEP

      12288:1Lv8YOVVJXivisIFOqClcyYN6T65erLydvkytb0OmL2H8tEB2Ly9:1Lv8bDJMvVlc9NC6A/6vkZOmq8KALM

    Score
    10/10
    guloadervipkeyloggerdiscoverydownloaderkeyloggerstealercollectionspyware

    • Guloader family

      guloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

      stealerkeyloggervipkeylogger

    • Vipkeylogger family

      vipkeylogger

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      b8992e497d57001ddf100f9c397fcef5

    • SHA1

      e26ddf101a2ec5027975d2909306457c6f61cfbd

    • SHA256

      98bcd1dd88642f4dd36a300c76ebb1ddfbbbc5bfc7e3b6d7435dc6d6e030c13b

    • SHA512

      8823b1904dccfaf031068102cb1def7958a057f49ff369f0e061f1b4db2090021aa620bb8442a2a6ac9355bb74ee54371dc2599c20dc723755a46ede81533a3c

    • SSDEEP

      192:PPtkumJX7zB22kGwfy0mtVgkCPOs81un:E702k5qpds8Qn

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks