General

  • Target: PO-INVOICE.exe
  • Size: 1.0MB
  • Sample: 250414-r8kmca1sc1
  • MD5: 52801720d0495e0bd1f781e22bf48a20
  • SHA1: 101b93a16ecedb1b143f80ddbdb12ee376ec1f88
  • SHA256: 633fab421c431bf0c98270e6706420cb9945195e17f1a5a2ddcaaf6c56287bde
  • SHA512: aa7eef07b09cdb9a99e6bd056e3fab7142e1859f23cd1429b9877e03c33f281e844d718bfe1c31c37a79b8d33f7c9df43b683a2e74fc38bb63553fc8a2cd8d24
  • SSDEEP: 24576:NRxYwke17y0EID2XalWFwXf+5pyewHrAKF6F8Ld339S:pFlA0EIDDsFwv0Mx8CL

Malware Config

Extracted

  • Family: vipkeylogger
  • Credentials:

Targets

    • Target: PO-INVOICE.exe (1.0MB; hashes as listed under General)

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family
    • Drops startup file
    • Accesses Microsoft Outlook profiles
    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks