VILSA STEALER - CYFIRMA
Tags
cmtmf-attack-pattern: Application Layer Protocol; Command And Scripting Interpreter; Masquerading; Obfuscated Files Or Information
attack-pattern: Data; Software Discovery - T1418; Application Layer Protocol - T1437; Archive Collected Data - T1560; Archive Collected Data - T1532; Command And Scripting Interpreter - T1623; Credentials - T1589.001; Data Encrypted For Impact - T1471; Data Encrypted For Impact - T1486; Dll Side-Loading - T1574.002; Embedded Payloads - T1027.009; Encrypted Channel - T1521; Encrypted Channel - T1573; Exfiltration Over C2 Channel - T1646; File And Directory Discovery - T1420; Hijack Execution Flow - T1625; Hijack Execution Flow - T1574; Malware - T1587.001; Malware - T1588.001; Masquerading - T1655; Obfuscated Files Or Information - T1406; Process Discovery - T1424; System Information Discovery - T1426; Powershell - T1059.001; Python - T1059.006; Security Software Discovery - T1418.001; Security Software Discovery - T1518.001; Server - T1583.004; Server - T1584.004; Software - T1592.002; Software Discovery - T1518; System Checks - T1633.001; System Checks - T1497.001; Timestomp - T1070.006; Virtualization/Sandbox Evasion - T1497; Tool - T1588.002; Vulnerabilities - T1588.006; Virtualization/Sandbox Evasion - T1633; Standard Application Layer Protocol - T1071; Browser Extensions - T1176; Command-Line Interface - T1059; Deobfuscate/Decode Files Or Information - T1140; Dll Side-Loading - T1073; Execution Through Module Load - T1129; Exfiltration Over Command And Control Channel - T1041; File And Directory Discovery - T1083; Indicator Removal On Host - T1070; Indirect Command Execution - T1202; Masquerading - T1036; Obfuscated Files Or Information - T1027; Powershell - T1086; Process Discovery - T1057; Security Software Discovery - T1063; System Information Discovery - T1082; Timestomp - T1099; Masquerading
Common Information
| Type | Value |
|---|---|
| UUID | 5e7cb812-b6ac-4d70-b0cc-a2d5e293334b |
| Fingerprint | 87a43e12ac8f93c0 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 4, 2024, 8:51 a.m. |
| Added to db | Oct. 10, 2024, 12:36 p.m. |
| Last updated | Nov. 17, 2024, 6:56 p.m. |
| Headline | VILSA STEALER |
| Title | VILSA STEALER - CYFIRMA |
| Detected Hints/Tags/Attributes | 108/2/34 |
Attributes
| Type | #Events | Value |
|---|---|---|
| Domain | 2 | gruppe.py |
| Domain | 1 | grupee.py |
| Domain | 3 | bundeskriminalamt.agency |
| Domain | 2 | hvnc.py |
| File | 1 | vilsastealer.exe |
| File | 4 | vmguestlib.dll |
| File | 6 | vboxmrxnp.dll |
| File | 1 | gruppe.py |
| File | 1 | grupee.py |
| File | 2 | hvnc.py |
| md5 | 2 | 2b4df2bc6507f4ba7c2700739da1415d |
| sha256 | 1 | f5c5845e5531ed7a9f39fd665fb712baa557799b4a6bd9e92c7ef76d43eb5064 |
| IPv4 | 3 | 83.136.208.208 |
| MITRE ATT&CK Techniques | 695 | T1059 |
| MITRE ATT&CK Techniques | 120 | T1129 |
| MITRE ATT&CK Techniques | 227 | T1574.002 |
| MITRE ATT&CK Techniques | 40 | T1027.009 |
| MITRE ATT&CK Techniques | 348 | T1036 |
| MITRE ATT&CK Techniques | 93 | T1070.006 |
| MITRE ATT&CK Techniques | 504 | T1140 |
| MITRE ATT&CK Techniques | 60 | T1202 |
| MITRE ATT&CK Techniques | 97 | T1497.001 |
| MITRE ATT&CK Techniques | 433 | T1057 |
| MITRE ATT&CK Techniques | 1006 | T1082 |
| MITRE ATT&CK Techniques | 585 | T1083 |
| MITRE ATT&CK Techniques | 141 | T1518.001 |
| MITRE ATT&CK Techniques | 157 | T1560 |
| MITRE ATT&CK Techniques | 444 | T1071 |
| MITRE ATT&CK Techniques | 163 | T1573 |
| MITRE ATT&CK Techniques | 422 | T1041 |
| MITRE ATT&CK Techniques | 472 | T1486 |
| Url | 2 | http://bundeskriminalamt.agency/pw |
| Url | 1 | http://bundeskriminalamt.agency/hvnc |
| Url | 2 | http://bundeskriminalamt.agency |