General
-
Target
2d893d8955618d559fd07a9f01585b157e2efa71ed0bd22c77d318fad6bbf021.exe
-
Size
703KB
-
Sample
240828-bw3pdszblh
-
MD5
368c348876ea257c08cf6b32cdb2f567
-
SHA1
3336a515822b67e891782ebe907b78ef14dfc7cf
-
SHA256
2d893d8955618d559fd07a9f01585b157e2efa71ed0bd22c77d318fad6bbf021
-
SHA512
9da17c7837c27fc84f2b94acaf64b97b6c779a554f999500bc9558f42ededd6ebfebb5b357c0fcb23b6f669cc81410e4933686aeb0ed5968d826076554c65b06
-
SSDEEP
12288:a7MJHZFQp4CdsJYgASCk0DpDLZwfw+A0T2obdYgVRgTuaFp0zS6w+CAG0snsQ6:aIJHop42gAM0teoVGbd9VRYH6VfAsQ6
Static task
static1
Behavioral task
behavioral1
Sample
2d893d8955618d559fd07a9f01585b157e2efa71ed0bd22c77d318fad6bbf021.exe
Resource
win7-20240708-en
Malware Config
Extracted
vipkeylogger
Targets
-
-
Target
2d893d8955618d559fd07a9f01585b157e2efa71ed0bd22c77d318fad6bbf021.exe
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-