General

  • Target

    14042025_0804_315176345_2025-04-13-5522441.exe.iso

  • Size

    1.2MB

  • Sample

    250414-j26x1asms6

  • MD5

    eb4e5dbb32097cdaf8551e9224f3343f

  • SHA1

    02405c16497d045313db8d33c2fa4c9909a1363a

  • SHA256

    489e9114de29cf7594427a3472f0d0ab5f0d7434242f139417af119f3a5d8b79

  • SHA512

    76e56353c4c23946511927054d83c9dd928afe9931ad3615defaa9d6fa3c832bb9dad2841533738c867b9d0061605935b4e40930b0b007b7e55002aef792ccdc

  • SSDEEP

    12288:R+q6+b0201LM+OryHE3WrRMnSUO8nmCeud3f2KHTlt1A:R+qlA20WyGEyltnmCe8fJ31A

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7940557245:AAGEVNBuuGDhlbTi3PPq7irUInwmQ9JgMqQ/sendMessage?chat_id=7590946867

Targets

    • Target

      315176345_2025-04-13-5522441.exe

    • Size

      645KB

    • MD5

      619e2fa8cf181dcce7df16e5fee4065a

    • SHA1

      7c72e48804fbd2bd8b4f28e69f916d910afd5cc7

    • SHA256

      8e6c5f4651741758b6b141da89e4c27fa244eccce3d9beaf4b1ae0e48f13d5a0

    • SHA512

      9840537924bf3858b21771945798f49b2e907b8efee4fe4e7ae5a0762c5ff451543b95d9750e31d0203ec485da45535c03d8cfbeba88ca70533ddb19ac4ad303

    • SSDEEP

      12288:u+q6+b0201LM+OryHE3WrRMnSUO8nmCeud3f2KHTlt1A:u+qlA20WyGEyltnmCe8fJ31A

    • Guloader family

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      9b38a1b07a0ebc5c7e59e63346ecc2db

    • SHA1

      97332a2ffcf12a3e3f27e7c05213b5d7faa13735

    • SHA256

      8b4c47c4cf5e76ec57dd5a050d5acd832a0d532ee875d7b44f6cdaf68f90d37c

    • SHA512

      26e77f8e10f6d8693c92bd036b53a3f6e0c523090ef8dfe479815f556ecd2b57fc90ce9f7cceebe70460d464decb27ad1fe240819fd56997764e96506b6a439c

    • SSDEEP

      192:kjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZ40QPi:U/Qlt7wiij/lMRv/9V4b4r

    Score
    3/10

MITRE ATT&CK Enterprise v16

Tasks
