MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dfcfd9411491364986e5933eac3626e484c6fcf3921ddb86fe99edf180ecc225. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


VIPKeylogger


Vendor detections: 11


Intelligence 11 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dfcfd9411491364986e5933eac3626e484c6fcf3921ddb86fe99edf180ecc225
SHA3-384 hash: 811fbdc6195109de9cfc10659c1ca6cf17af299695e832c380ba157626478ba8e9df86ab26f4e46049afe5771880e979
SHA1 hash: 2bc8d9b78f26838fcfd0ff4d679a7dfb56afa3da
MD5 hash: efb1e8c5c1be599507b8cf89b2a5268a
humanhash: king-music-november-virginia
File name:SWIFT_MESSAGE_5890339TECHCOMBANK Referans No326343 EUR_FNYINT_14112025pdf.js
Download: download sample
Signature VIPKeylogger
Create hunting rule
File size:324'266 bytes
First seen:2025-11-17 13:07:37 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 6144:pEQtDycbAqqjOGl/80mYxpfad5tqq75cyMx8hs0Xz:2y0//8m411ThXz
Threatray 205 similar samples on MalwareBazaar
TLSH T16F64A37718016ECEA638614D26978F1623F3A42A55D39EAB744108DF301BB0DBBBD5BC
Magika javascript
Reporter James_inthe_box
Tags:exe js VIPKeylogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
116
Origin country :
US US
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BAT.Obfus-10.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=691b1e47434cd67b17c277ac
Tags:
backdoor spawn spam hype
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm base64 evasive fingerprint masquerade obfuscated powershell powershell repaired
Link:
https://www.filescan.io/uploads/691b1e4579ae26cd3304c3da/reports/18b9097d-2750-4743-aba7-07655657f68e/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/dfcfd9411491364986e5933eac3626e484c6fcf3921ddb86fe99edf180ecc225
Verdict:
Malicious
File Type:
js
First seen:
2025-11-14T19:22:00Z UTC
Last seen:
2025-11-19T11:02:00Z UTC
Hits:
~1000
Detections:
PDM:Trojan.Win32.Generic HEUR:Trojan.PowerShell.Tesre.sb Trojan-Downloader.JS.Cryptoload.sb HEUR:Trojan.BAT.Tesre.gen Trojan.JS.SAgent.sb HEUR:Trojan.Script.Generic Trojan.PowerShell.AmsiBypass.sb Trojan.BAT.Agent.sb Trojan.VBS.SAgent.sb HEUR:Trojan.Script.SAgent.gen HEUR:Trojan-Downloader.Script.Generic
Link:
https://opentip.kaspersky.com/dfcfd9411491364986e5933eac3626e484c6fcf3921ddb86fe99edf180ecc225/results?tab=lookup
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/dfcfd9411491364986e5933eac3626e484c6fcf3921ddb86fe99edf180ecc225
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dfcfd9411491364986e5933eac3626e484c6fcf3921ddb86fe99edf180ecc225/
Verdict:
Malicious
Threat:
Family.SNAKE
Link:
https://tip.neiki.dev/file/dfcfd9411491364986e5933eac3626e484c6fcf3921ddb86fe99edf180ecc225
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-11-15 04:33:10 UTC
File Type:
Text
AV detection:
8 of 24 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=37h5sqiuse3etbxfsm7kynrg4scmn7htsio5xbx6thw7dahmyisq._file
Verdict:
malicious
Label(s):
vipkeylogger
Create hunting rule
Similar samples:
03034db898bb76e51b941005585251b64956ae5ff4ce2e55cbbdab9174e00a55
VIPKeylogger
05afcd6fed8fc4ae9c43f7de2c0d717eb02f91fed941246231d88cfb01170400
VIPKeylogger
10d96a57b4a446b30816229307984a151f1d319eb8e25fdffb0b6185055f778a
VIPKeylogger
6f96b534bcfec55b97dbeb18cbeaf59c2a7b745e667fea1a0998b1ff9df72b45
VIPKeylogger
750178918522765b83b32510dce10c8cf9614ae72b95539f93b8ba7088bb1779
VIPKeylogger
80943dad82a060b3506f2312c2d282f117e08a1b16cd9f1f6fcaf852be916407
VIPKeylogger
833273614f0b78225a6b6975e70c0a07cc0052a448c3eb175cf6af0edb6ed4b3
VIPKeylogger
864f41d231931ce8dda8dfef17c84106adab9d3d2023b5e41ddc403e79ea3461
VIPKeylogger
aaddb0601ec56272d1fa36b29bd5c35d9d8705841a16a84dcee9f0698b2bde15
VIPKeylogger
error
VIPKeylogger
+ 195 additional samples on MalwareBazaar
Result
Malware family:
vipkeylogger
Create hunting rule
Score:
  10/10
Tags:
family:vipkeylogger collection discovery execution keylogger stealer
Link:
https://tria.ge/reports/251117-qddd4sal9x/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
System Location Discovery: System Language Discovery
Accesses Microsoft Outlook profiles
Command and Scripting Interpreter: PowerShell
Looks up external IP address via web service
Drops startup file
Badlisted process makes network request
Process spawned unexpected child process
VIPKeylogger
Vipkeylogger family
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/dfcfd9411491364986e5933eac3626e484c6fcf3921ddb86fe99edf180ecc225

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments