General

  • Target

    LAT00125.rar

  • Size

    509KB

  • Sample

    250228-nmxg8szls3

  • MD5

    7a77673ca83f71770676908c37b0ee4a

  • SHA1

    8af33660ef357a349291ef75ec8ebadf7ad168d7

  • SHA256

    01679b667028f70b4f50112dd29a1f6fc9636fad7aec2d3e3be9e580901a6bd9

  • SHA512

    2197bb3c747b9ae8eb7a447c7a91ac11ba71f58be10c25f1b9e6eeae89d96963c8cb0edf0d27f613bfc8ca3f71d0c647b59e764e3995f25bf92a85ad16876913

  • SSDEEP

    12288:oloEVk7jV1fQG9+1Jvma/9R3SZEY3E0+tUkitQcIy:NEVkH3fQNea/P3SZL+tPitQcIy

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7585694192:AAGLfsIW_RBiJFpsVE-aHUlOXlAUS1Hay0s/sendMessage?chat_id=6230067815

Targets

    • Target

      LAT00125.exe

    • Size

      863KB

    • MD5

      37767a9344273d94fb212dc6712f6b0c

    • SHA1

      36391e9443a63cea9ed8cfe4cfeb6d138770bb63

    • SHA256

      b6a0e4852c647cd96d0a4b5ad63f3b9c2daa11a8d842c88f166a1a10a853043c

    • SHA512

      bcd7f63d1c32926f3cd975a973fed34f90acecd340515befbeeb9b95f8e1b7cf02d6575412724e3c6e52cf00f909e3963a76e98893cd0bda9505c3ea28459315

    • SSDEEP

      12288:Psjtshl095iCemgRYeJIDdrd+TZLLlNzqUYfFOns:0mhzCuJIprd25L6Uoi

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; its code and behaviour resemble SnakeKeylogger, first observed in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
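The extracted C2 above is a Telegram Bot API URL, so the actionable IOCs are the bot token (`<bot_id>:<secret>`) and the `chat_id` the stolen data is sent to. The following Python is added here as an illustration and is not part of the sandbox report or of the malware: it splits such a URL into its components and hunts for Bot API calls in proxy logs. The proxy log lines are constructed for the example (one of them carries the C2 URL from the config section above); the minimum secret length and the set of upload methods flagged as exfiltration are choices made here, not something the report states.

```python
import re
from urllib.parse import urlparse, parse_qs

# Telegram Bot API path layout: /bot<bot_id>:<secret>/<method>.  Real secrets
# are 35 characters of [A-Za-z0-9_-]; the lower bound of 30 is a tolerance
# chosen for this example.
TELEGRAM_BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)$"
)

# Bot API methods that push data to the operator.  This sample uses sendMessage;
# the other two are the standard upload methods and are flagged here as well.
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}


def parse_telegram_c2(url):
    """Break a Telegram Bot API URL into IOCs; return None for any other URL."""
    u = urlparse(url)
    if u.scheme not in ("http", "https") or u.hostname != "api.telegram.org":
        return None
    m = TELEGRAM_BOT_PATH.match(u.path)
    if not m:
        return None
    chat_id = parse_qs(u.query).get("chat_id", [None])[0]
    # Positive chat_ids are private user chats; negative ones are groups/channels.
    chat_kind = None
    if chat_id is not None and chat_id.lstrip("-").isdigit():
        chat_kind = "user" if int(chat_id) > 0 else "group_or_channel"
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
        "exfil": m["method"] in EXFIL_METHODS,
        "chat_id": chat_id,
        "chat_kind": chat_kind,
    }


# Constructed proxy log lines: "<client_ip> <http_method> <url> <status>".
# The second line carries the C2 URL extracted from this sample's config;
# the third is a made-up token to show a non-exfil Bot API call.
SAMPLE_PROXY_LOG = """\
10.0.0.5 GET https://www.microsoft.com/ 200
10.0.0.5 POST https://api.telegram.org/bot7585694192:AAGLfsIW_RBiJFpsVE-aHUlOXlAUS1Hay0s/sendMessage?chat_id=6230067815 200
10.0.0.7 GET https://api.telegram.org/bot123456789:AAHexampleexampleexampleexampleexamp/getMe 200
10.0.0.9 GET https://example.com/api/telegram/status 200
"""


def hunt_proxy_log(log_text):
    """Return one hit per proxy log line that calls the Telegram Bot API."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        src, http_method, url, status = fields
        c2 = parse_telegram_c2(url)
        if c2:
            hits.append({"src": src, "http_method": http_method, "status": status, **c2})
    return hits


def summarize_hits(hits):
    """Collapse hits into per-bot IOCs: sources seen, methods called, chat_ids."""
    summary = {}
    for h in hits:
        s = summary.setdefault(
            h["bot_id"],
            {"token": h["token"], "sources": set(), "methods": set(), "chat_ids": set()},
        )
        s["sources"].add(h["src"])
        s["methods"].add(h["method"])
        if h["chat_id"]:
            s["chat_ids"].add(h["chat_id"])
    return summary


if __name__ == "__main__":
    for bot_id, s in summarize_hits(hunt_proxy_log(SAMPLE_PROXY_LOG)).items():
        print(bot_id, sorted(s["sources"]), sorted(s["methods"]), sorted(s["chat_ids"]))
```

The numeric prefix of the token is the bot's Telegram account ID and survives a token regeneration, so a hunt on the `bot<id>:` prefix keeps working after the operator rotates the secret, whereas a rule on the full token does not. Whether a captured token is still live can be checked against the Bot API's `getMe` method, which returns the bot's username for a valid token; do that from an analysis network, since the request is visible to Telegram and, via `getUpdates` polling, potentially to the operator.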

MITRE ATT&CK Enterprise v15

Tasks