Resubmissions

  • 250414-pz4mraxkt4 (14/04/2025, 12:46), score 10

  • 250414-pzn73axks2 (14/04/2025, 12:46), score 10

General

  • Target

    PO-INVOICE.tar.001

  • Size

    1.0MB

  • Sample

    250414-pz4mraxkt4

  • MD5

    cd838215d541f4c0a697b19a1d5084b5

  • SHA1

    fce882c1e83854d57692525df5fa32c7820d22d2

  • SHA256

    6a3ed292ffbe10a366c6c298832cb0ebcb10944f2b30fcbe52097ade905cfde6

  • SHA512

    e51db140c1ecb3cc831212dd9944336f1930d74fdd2da6355e008985363fa2f8d8788042282256b2a5f70b8bccb724156cbd80c629d2d3c89bac060755824de7

  • SSDEEP

    24576:ERxYwke17y0EID2XalWFwXf+5pyewHrAKF6F8Ld339S:SFlA0EIDDsFwv0Mx8CL
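To check a file against the hashes this report lists (both the submitted archive and the PO-INVOICE.exe it carries), the following is an added example, not code from the report or the sandbox vendor. It hashes the container and each member of the tar in memory, so nothing is written to disk, and compares the result with the report's IOCs. The REPORT_IOCS values are copied from this page; the tar built by build_sample_archive and the bytes in SAMPLE_PAYLOAD are constructed stand-ins so the script runs offline, and they will not match the real hashes.

```python
import hashlib
import io
import sys
import tarfile

# Hashes copied from the report above: the submitted split archive and the PO-INVOICE.exe inside it.
REPORT_IOCS = {
    "PO-INVOICE.tar.001": {
        "md5": "cd838215d541f4c0a697b19a1d5084b5",
        "sha1": "fce882c1e83854d57692525df5fa32c7820d22d2",
        "sha256": "6a3ed292ffbe10a366c6c298832cb0ebcb10944f2b30fcbe52097ade905cfde6",
    },
    "PO-INVOICE.exe": {
        "md5": "52801720d0495e0bd1f781e22bf48a20",
        "sha1": "101b93a16ecedb1b143f80ddbdb12ee376ec1f88",
        "sha256": "633fab421c431bf0c98270e6706420cb9945195e17f1a5a2ddcaaf6c56287bde",
    },
}

HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(fileobj, chunk_size=1 << 20):
    """Hash a file-like object in one pass, feeding every algorithm from the same read."""
    hashers = {name: hashlib.new(name) for name in HASH_ALGOS}
    for block in iter(lambda: fileobj.read(chunk_size), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    return digest_stream(io.BytesIO(data))


def inspect_archive(raw):
    """Hash the container and every regular-file member; members are read in memory, never extracted to disk."""
    result = {"container": digest_bytes(raw), "members": {}}
    with tarfile.open(fileobj=io.BytesIO(raw), mode="r:*") as tf:
        for member in tf:
            if not member.isfile():
                continue
            result["members"][member.name] = {"size": member.size, **digest_stream(tf.extractfile(member))}
    return result


def match_iocs(digests, iocs=REPORT_IOCS):
    """Names of IOC entries whose every listed hash equals the observed digest (a partial match is not a hit)."""
    return sorted(
        name for name, known in iocs.items()
        if all(digests.get(alg) == value for alg, value in known.items())
    )


# Constructed placeholder payload: looks like a PE header, is not the malware.
SAMPLE_PAYLOAD = b"MZ" + b"\x00" * 62 + b"constructed placeholder, not the real sample\n"


def build_sample_archive(payload=SAMPLE_PAYLOAD, name="PO-INVOICE.exe"):
    """Build an in-memory tar with a single member, mirroring the report's archive-wraps-exe layout."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        info = tarfile.TarInfo(name=name)
        info.size = len(payload)
        tf.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python ioc_check.py PO-INVOICE.tar.001   (falls back to the constructed archive)
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_archive()
    result = inspect_archive(raw)
    print("container:", result["container"]["sha256"], match_iocs(result["container"]))
    for name, d in result["members"].items():
        print(f"member {name} ({d['size']} bytes):", d["sha256"], match_iocs(d))
```

A .001 suffix normally marks the first volume of a split archive; here the archive and the inner executable are both reported at 1.0MB, consistent with a single volume, but if you hold several parts, concatenate them in order before hashing or opening, since the container hash in the report is of the submitted part as-is.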

Malware Config (extracted)

  • Family

    vipkeylogger

  • Credentials

Targets

    • Target

      PO-INVOICE.exe

    • Size

      1.0MB

    • MD5

      52801720d0495e0bd1f781e22bf48a20

    • SHA1

      101b93a16ecedb1b143f80ddbdb12ee376ec1f88

    • SHA256

      633fab421c431bf0c98270e6706420cb9945195e17f1a5a2ddcaaf6c56287bde

    • SHA512

      aa7eef07b09cdb9a99e6bd056e3fab7142e1859f23cd1429b9877e03c33f281e844d718bfe1c31c37a79b8d33f7c9df43b683a2e74fc38bb63553fc8a2cd8d24

    • SSDEEP

      24576:NRxYwke17y0EID2XalWFwXf+5pyewHrAKF6F8Ld339S:pFlA0EIDDsFwv0Mx8CL

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Drops startup file

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext (a primitive commonly used for process hollowing and thread hijacking, i.e. running the payload inside another process)
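The signatures above describe behaviours that a host sensor also sees. As an added example, not part of this report or of any vendor's detection content, the script below turns three of them (startup-folder drop, Outlook profile access, external-IP lookup) into a per-process correlation rule over Sysmon-style events. The events in EVENTS are constructed for the example, the list of IP-echo hosts is an assumption to be replaced with what your own proxy logs show, and the registry paths are the standard Outlook profile locations rather than anything taken from the sample.

```python
import re

# Constructed Sysmon-style events (not the sandbox's trace): one suspicious process (pid 4120) and two benign ones.
# Fields: pid, image, kind of event, and the path / registry key / host the event touched.
EVENTS = [
    {"pid": 4120, "image": r"C:\Users\victim\AppData\Local\Temp\PO-INVOICE.exe", "kind": "FileCreate",
     "target": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PO-INVOICE.exe"},
    {"pid": 4120, "image": r"C:\Users\victim\AppData\Local\Temp\PO-INVOICE.exe", "kind": "RegistryRead",
     "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"pid": 4120, "image": r"C:\Users\victim\AppData\Local\Temp\PO-INVOICE.exe", "kind": "DnsQuery",
     "target": "api.ipify.org"},
    {"pid": 2204, "image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE", "kind": "RegistryRead",
     "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"pid": 880, "image": r"C:\Windows\explorer.exe", "kind": "DnsQuery", "target": "www.microsoft.com"},
]

# Per-user Startup folder: anything written here runs at logon.
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
# Outlook 2013+ keeps profiles under Office\<ver>\Outlook\Profiles; older builds used Windows Messaging Subsystem\Profiles.
OUTLOOK_PROFILES = re.compile(r"\\(Office\\\d+\.\d+\\Outlook|Windows Messaging Subsystem)\\Profiles\\", re.IGNORECASE)
# Assumed list of legitimate external-IP echo services; tune from your own egress logs.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ipinfo.io", "ip-api.com",
                   "checkip.amazonaws.com"}


def classify(event):
    """Map one event to a behaviour signal name, or None when it matches nothing."""
    kind, target = event["kind"], event["target"]
    if kind == "FileCreate" and STARTUP_DIR.search(target):
        return "drops_startup_file"
    if kind in ("RegistryRead", "RegistryEvent") and OUTLOOK_PROFILES.search(target):
        return "reads_outlook_profiles"
    if kind == "DnsQuery" and target.lower().rstrip(".") in IP_LOOKUP_HOSTS:
        return "external_ip_lookup"
    return None


def correlate(events, min_signals=2):
    """Group signals by pid and flag a process only when it shows at least min_signals distinct behaviours.
    The threshold is what keeps Outlook itself (which legitimately reads its own profile keys) out of the alert."""
    per_process = {}
    for ev in events:
        signal = classify(ev)
        if signal is None:
            continue
        entry = per_process.setdefault(ev["pid"], {"image": ev["image"], "signals": set()})
        entry["signals"].add(signal)
    return {pid: {"image": e["image"], "signals": sorted(e["signals"])}
            for pid, e in per_process.items() if len(e["signals"]) >= min_signals}


if __name__ == "__main__":
    for pid, hit in correlate(EVENTS).items():
        print(f"pid {pid} {hit['image']}: {', '.join(hit['signals'])}")
```

The SetThreadContext signature is deliberately left out of the rule: when the payload is injected into another process, the later file, registry and DNS events are attributed to that target process's pid, so a real deployment has to join on parent/child and injection-source relationships rather than on a single pid.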

MITRE ATT&CK Enterprise v16

Tasks