General

  • Target: 15042025_0056_Factura Honorarios_ 2025-04-14..exe.iso

  • Size: 1.2MB

  • Sample: 250415-bawnysvqv6

  • MD5: 100f94728cc64aff22414d60a229f1c9

  • SHA1: a6cbbbcb538b4591681405c4f4770682c719d378

  • SHA256: f84832a0fa532ccb9bbd31b6e5a6a7746e582124c2f982b60930fe583f2e4cff

  • SHA512: 9a4a38467966ab9de0d45e35d5c8270264fad88b66e9933fe0b5b982487b4a94cb482140c10a448fe1387b5d2861aff7e42053fdd4bd855ab5620c4f1d9656c2

  • SSDEEP: 12288:h+q6+b0201LM+OryHE3WrRMnSUO8nmCeud3f2KHTlt1A:h+qlA20WyGEyltnmCe8fJ31A

Malware Config

Extracted

  • Family: vipkeylogger

  • C2: https://api.telegram.org/bot7940557245:AAGEVNBuuGDhlbTi3PPq7irUInwmQ9JgMqQ/sendMessage?chat_id=7590946867

Targets

    • Target: Factura Honorarios_ 2025-04-14..exe

    • Size: 645KB

    • MD5: 619e2fa8cf181dcce7df16e5fee4065a

    • SHA1: 7c72e48804fbd2bd8b4f28e69f916d910afd5cc7

    • SHA256: 8e6c5f4651741758b6b141da89e4c27fa244eccce3d9beaf4b1ae0e48f13d5a0

    • SHA512: 9840537924bf3858b21771945798f49b2e907b8efee4fe4e7ae5a0762c5ff451543b95d9750e31d0203ec485da45535c03d8cfbeba88ca70533ddb19ac4ad303

    • SSDEEP: 12288:u+q6+b0201LM+OryHE3WrRMnSUO8nmCeud3f2KHTlt1A:u+qlA20WyGEyltnmCe8fJ31A

    • Guloader family

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target: $PLUGINSDIR/System.dll

    • Size: 12KB

    • MD5: 9b38a1b07a0ebc5c7e59e63346ecc2db

    • SHA1: 97332a2ffcf12a3e3f27e7c05213b5d7faa13735

    • SHA256: 8b4c47c4cf5e76ec57dd5a050d5acd832a0d532ee875d7b44f6cdaf68f90d37c

    • SHA512: 26e77f8e10f6d8693c92bd036b53a3f6e0c523090ef8dfe479815f556ecd2b57fc90ce9f7cceebe70460d464decb27ad1fe240819fd56997764e96506b6a439c

    • SSDEEP: 192:kjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZ40QPi:U/Qlt7wiij/lMRv/9V4b4r

    Score: 3/10

MITRE ATT&CK Enterprise v16

Tasks