Extracted

• • Target

    Unodens.exe

  • Size

    1.0MB

  • MD5

    bb02b2519acf35d79d4cddcb650faa0d

  • SHA1

    9f6c09441b9f2ac91953bfbc58ff2fb69d95e764

  • SHA256

    7638cea93334af3658ccd523affd183a8eac3fc833a31f4dce7a53648fb88ef3

  • SHA512

    575ef5ef863fcc7cd6d92a5ebead8fd56ce0ef4c76a41ad5892813bf3a7432f7d87a4f14fb7d4778ff5f4f4948b6490ed23c32b9d1f1eb5893ffb5c5fa1b5a5b

  • SSDEEP

    24576:ihzDt9Q2MEf50qCx/MK+sqVj50LLoborPpIgaQQhN+AW:iBDt9JfuHxV+h70A0CZLW

  Score

  10^/10

  vipkeyloggerdiscoveryexecutionkeyloggerstealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtCreateThreadExHideFromDebugger

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1

• • Target

    Nikkellegering.Den

  • Size

    53KB

  • MD5

    daee23494cb2039ad5ea0486945a0df0

  • SHA1

    f6982455b15c62ba79500f3f1c953c7c30ad3ddd

  • SHA256

    c2d9b8b50e800c97958e1680266d11587e46929325ce7895705bb1798a03b6c8

  • SHA512

    b657ed6717e21cbcf74fc463a869c53fa55b4a3deb4dbb7585bcbef89156cf7626a778f7e83377a0cdd585ef2de0e8d8ce06e86b31f38733e60030b6f2f5e779

  • SSDEEP

    1536:GHEsoBAs5bKMWGq2l907lCSYe2XcTitVsSfTl:tv5uMWGqGCCC2MWfTl

  Score

  8^/10

  executionpersistence

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral2