General
Target: 267a4c8396962968921fd896ce7b783d846a6c85bf3654a714c674d05ed8f1b3.exe
Size: 1.1MB
Sample: 240822-cj7m9atamc
MD5: 0f78d5b9dd1e6f3c8728ac124313936c
SHA1: 43a8a50b2e3f4d3acc42858f51a2e790837c3c94
SHA256: 267a4c8396962968921fd896ce7b783d846a6c85bf3654a714c674d05ed8f1b3
SHA512: b7ac807621fa5ed512d4f1b01aadb3789cde4fe20ddc7beb75d5202d147e982d780275118c41a8229f77fe486272374978e11f9e6c1a9e610c39b83df096ebaa
SSDEEP: 24576:ZqDEvCTbMWu7rQYlBQcBiT6rprG8a5M2AM7ND6XCIrX:ZTvC/MTQYxsWR7a5KNr
Static task: static1
Behavioral task: behavioral1
Sample: 267a4c8396962968921fd896ce7b783d846a6c85bf3654a714c674d05ed8f1b3.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 267a4c8396962968921fd896ce7b783d846a6c85bf3654a714c674d05ed8f1b3.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: mail.tahaqoq.com
Port: 587
Username: [email protected]
Password: T@ha5241+*
Email To: [email protected]
Extracted
Protocol: smtp
Host: mail.tahaqoq.com
Port: 587
Username: [email protected]
Password: T@ha5241+*
Targets
Target: 267a4c8396962968921fd896ce7b783d846a6c85bf3654a714c674d05ed8f1b3.exe
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.

Credentials from Password Stores: Credentials from Web Browsers
Malicious access to or copy of the web browser credential store.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext