General
Target: 6eb12a217689847fa90ae6ac61401fe0349653808da3e4386abf01ee4f56e2f9.exe
Size: 707KB
Sample: 240823-cmagxszele
MD5: cf7c1cb71ad11a8c4ab07ffc3afa2f67
SHA1: 68c5f1c0e97237c4fff232e099353792b160df1a
SHA256: 6eb12a217689847fa90ae6ac61401fe0349653808da3e4386abf01ee4f56e2f9
SHA512: 997d7e6bcd9aa8ac33f6bb667edfe40efc522f47dd54284895b15736edb86052284409a3a6a9ab1c9e9066f507599a1824cf6a935849cb7346e2464c90ccb904
SSDEEP: 12288:PsHzOUNUSB/o5LsI1uwajJ5yvv1l22BFPP+W3hf/sgaEKs4+V51t35VXEjEzMWT4:eiUmSB/o5d1ubcvxhGmhf/sga6f5njXI
Behavioral task: behavioral1
Sample: 6eb12a217689847fa90ae6ac61401fe0349653808da3e4386abf01ee4f56e2f9.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 6eb12a217689847fa90ae6ac61401fe0349653808da3e4386abf01ee4f56e2f9.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7121690251:AAEuf5zFrwn6F6mTVPJTwU5P1nN1ULFLElA/sendMessage?chat_id=7071568333
Targets
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, the web browser credential store.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext