General
-
Target
d179623dca05356c39d66f7e150e819b53cd7e8b54fbd2dc3bb6af525a3f2ddb.exe
-
Size
1.1MB
-
Sample
240827-v86flasela
-
MD5
b1625586328ced2f2ca8d119a06f8713
-
SHA1
0c2f2ad3e4ee88d99dbd42a56fdc515b7dd533e7
-
SHA256
d179623dca05356c39d66f7e150e819b53cd7e8b54fbd2dc3bb6af525a3f2ddb
-
SHA512
cd5d8afb20568ddd214f72ce5468c47fb84af3caf772f7c50d3f5244468d47beb5ae175aba8348bb1b3aeb65601ba30b865d3bfec417bb84a3f19eed94467156
-
SSDEEP
24576:pqDEvCTbMWu7rQYlBQcBiT6rprG8aftzJoLSmtXpEwpfMsNUsXD:pTvC/MTQYxsWR7aftzJlmP9pEsB
Static task
static1
Behavioral task
behavioral1
Sample
d179623dca05356c39d66f7e150e819b53cd7e8b54fbd2dc3bb6af525a3f2ddb.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
d179623dca05356c39d66f7e150e819b53cd7e8b54fbd2dc3bb6af525a3f2ddb.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7461655198:AAErWj9ySuriVtERqboc8jIftAtwvOsFMsw/sendMessage?chat_id=6867107799
Targets
-
-
Target
d179623dca05356c39d66f7e150e819b53cd7e8b54fbd2dc3bb6af525a3f2ddb.exe
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, the web browser credential store.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-