General
-
Target
1a08f58dcfbfa93816b453302440320837d854125a6a6e5999bd5642698f4123.exe
-
Size
628KB
-
Sample
240828-r77qgssdrh
-
MD5
a7587617be34b17d5b28ead97a4943fc
-
SHA1
d990182fb54b478ba299a65c28fd31c536881e0c
-
SHA256
1a08f58dcfbfa93816b453302440320837d854125a6a6e5999bd5642698f4123
-
SHA512
c12412145ec79eeb3f1a0f48471f6fa4efff870b21da996e258ef771a90e3424baccd0adc4475fd5ae3b8e02bbe6a097d093c2ae783e36c5ba646776b624e9ed
-
SSDEEP
12288:ebFZsdRYzeQGOADGnQKfzNLGlo9g05UshRtcJ56tiHH2U+NM1LIA:IPsRQZADGtBCo9gdjVv
Static task
static1
Behavioral task
behavioral1
Sample
1a08f58dcfbfa93816b453302440320837d854125a6a6e5999bd5642698f4123.exe
Resource
win7-20240704-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.discreteminds.pt - Port:
587 - Username:
[email protected] - Password:
#inesfilipa23 - Email To:
[email protected]
https://api.telegram.org/bot7509624540:AAHhg6fRy8hkuDF6yU2iSzbNZVKvlRagMx8/sendMessage?chat_id=7451270736
Targets
-
-
Target
1a08f58dcfbfa93816b453302440320837d854125a6a6e5999bd5642698f4123.exe
-
Size
628KB
-
MD5
a7587617be34b17d5b28ead97a4943fc
-
SHA1
d990182fb54b478ba299a65c28fd31c536881e0c
-
SHA256
1a08f58dcfbfa93816b453302440320837d854125a6a6e5999bd5642698f4123
-
SHA512
c12412145ec79eeb3f1a0f48471f6fa4efff870b21da996e258ef771a90e3424baccd0adc4475fd5ae3b8e02bbe6a097d093c2ae783e36c5ba646776b624e9ed
-
SSDEEP
12288:ebFZsdRYzeQGOADGnQKfzNLGlo9g05UshRtcJ56tiHH2U+NM1LIA:IPsRQZADGtBCo9gdjVv
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-