General

  • Target

    14042025_0804_315176345_2025-04-13-5522441.exe.iso

  • Size

    1.2MB

  • Sample

    250414-jyhq1aslt6

  • MD5

    eb4e5dbb32097cdaf8551e9224f3343f

  • SHA1

    02405c16497d045313db8d33c2fa4c9909a1363a

  • SHA256

    489e9114de29cf7594427a3472f0d0ab5f0d7434242f139417af119f3a5d8b79

  • SHA512

    76e56353c4c23946511927054d83c9dd928afe9931ad3615defaa9d6fa3c832bb9dad2841533738c867b9d0061605935b4e40930b0b007b7e55002aef792ccdc

  • SSDEEP

    12288:R+q6+b0201LM+OryHE3WrRMnSUO8nmCeud3f2KHTlt1A:R+qlA20WyGEyltnmCe8fJ31A

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7940557245:AAGEVNBuuGDhlbTi3PPq7irUInwmQ9JgMqQ/sendMessage?chat_id=7590946867

Targets

    • Target

      315176345_2025-04-13-5522441.exe

    • Size

      645KB

    • MD5

      619e2fa8cf181dcce7df16e5fee4065a

    • SHA1

      7c72e48804fbd2bd8b4f28e69f916d910afd5cc7

    • SHA256

      8e6c5f4651741758b6b141da89e4c27fa244eccce3d9beaf4b1ae0e48f13d5a0

    • SHA512

      9840537924bf3858b21771945798f49b2e907b8efee4fe4e7ae5a0762c5ff451543b95d9750e31d0203ec485da45535c03d8cfbeba88ca70533ddb19ac4ad303

    • SSDEEP

      12288:u+q6+b0201LM+OryHE3WrRMnSUO8nmCeud3f2KHTlt1A:u+qlA20WyGEyltnmCe8fJ31A

    • Guloader family

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      9b38a1b07a0ebc5c7e59e63346ecc2db

    • SHA1

      97332a2ffcf12a3e3f27e7c05213b5d7faa13735

    • SHA256

      8b4c47c4cf5e76ec57dd5a050d5acd832a0d532ee875d7b44f6cdaf68f90d37c

    • SHA512

      26e77f8e10f6d8693c92bd036b53a3f6e0c523090ef8dfe479815f556ecd2b57fc90ce9f7cceebe70460d464decb27ad1fe240819fd56997764e96506b6a439c

    • SSDEEP

      192:kjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZ40QPi:U/Qlt7wiij/lMRv/9V4b4r

    Score
    3/10

MITRE ATT&CK Enterprise v16