General
-
Target
39f0318e44b464792b0fa572e0a0c172f9f0b1a919404e3cc58d301c1dd2ab3a.exe
-
Size
694KB
-
Sample
240828-b1a5ya1enm
-
MD5
579a3ee4f3ad4dd614b10e024cf0ebb3
-
SHA1
9295445675922b829085a872917468665cb4a014
-
SHA256
39f0318e44b464792b0fa572e0a0c172f9f0b1a919404e3cc58d301c1dd2ab3a
-
SHA512
d21af245c672b48a7a19b6f7cc32a86a21ace60ed00ce4e7cd73a2a3fa833decaae71bf20595f588104a7b34d0eaf4f98479e432283306d1bd1435c252b7b093
-
SSDEEP
12288:ZDI9FKfuG2eO5uoTND1ifwhoX2nvUmeIU7ZwUe6vA2MdoW0:ZCFKf5o58fwhoWvny7oeFMdo
Static task
static1
Behavioral task
behavioral1
Sample
39f0318e44b464792b0fa572e0a0c172f9f0b1a919404e3cc58d301c1dd2ab3a.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
39f0318e44b464792b0fa572e0a0c172f9f0b1a919404e3cc58d301c1dd2ab3a.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7204444211:AAFfPnSoEnQ7t4FKDH0Jch2gKTwGo4oCCAs/sendMessage?chat_id=2065242915
Targets
-
-
Target
39f0318e44b464792b0fa572e0a0c172f9f0b1a919404e3cc58d301c1dd2ab3a.exe
-
Size
694KB
-
MD5
579a3ee4f3ad4dd614b10e024cf0ebb3
-
SHA1
9295445675922b829085a872917468665cb4a014
-
SHA256
39f0318e44b464792b0fa572e0a0c172f9f0b1a919404e3cc58d301c1dd2ab3a
-
SHA512
d21af245c672b48a7a19b6f7cc32a86a21ace60ed00ce4e7cd73a2a3fa833decaae71bf20595f588104a7b34d0eaf4f98479e432283306d1bd1435c252b7b093
-
SSDEEP
12288:ZDI9FKfuG2eO5uoTND1ifwhoX2nvUmeIU7ZwUe6vA2MdoW0:ZCFKf5o58fwhoWvny7oeFMdo
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-