General
Target: 5af68288206ce122104dff83ffbbd10e0a7743e4101c418ccf76b0f4ea94096e.exe
Size: 608KB
Sample: 240828-b5ry9a1gjn
MD5: 39286045ee263da904defc09ae60f82d
SHA1: c9dd094a86ec03a437ef6419d5c1a2c8a685717f
SHA256: 5af68288206ce122104dff83ffbbd10e0a7743e4101c418ccf76b0f4ea94096e
SHA512: 4203297307590d525900b027890ba97b2b2ec7381020e093c5db1543331242b1950e8a51726d5c609b4e80d6f3c9b0bf477a0be378308df27b6bc4fa9a5308d7
SSDEEP: 12288:XbFZEP2kYGZakyOPu4yA97OjDWVNMHH2U+NM1LIQ:LPEPbYGO4yAGDZVr
Static task: static1
Behavioral task: behavioral1
Sample: 5af68288206ce122104dff83ffbbd10e0a7743e4101c418ccf76b0f4ea94096e.exe
Resource: win7-20240704-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: mail.discreteminds.pt
Port: 587
Username: [email protected]
Password: #inesfilipa23
Email To: [email protected]
https://api.telegram.org/bot7217871082:AAHWvKm2slJ7gY6FwmyWidwOa0RVoSaM_R8/sendMessage?chat_id=7137773399
Targets
Target
5af68288206ce122104dff83ffbbd10e0a7743e4101c418ccf76b0f4ea94096e.exe
Score: 10/10

VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext