General
-
Target
0815e4fcd9b75660891ec15ce119fa70N.exe
-
Size
698KB
-
Sample
240831-2a8lmayflg
-
MD5
0815e4fcd9b75660891ec15ce119fa70
-
SHA1
7f8c1c73194725dce424b72ff2306203f3590c3b
-
SHA256
89a9123df318a4c77a378e687f5e4c1c7f7806d64c85a7360a556b487343a49b
-
SHA512
c613b96c177294bbbfce2e0b86d15f32d2c7c579bf4c50ef0940ae697e7cfa0f36512ff7fa221c2a5b6963ca6b000b34876707bdc56351c20d20a3ee54fa68ba
-
SSDEEP
12288:67MJHZFQpHB5LOBTCUbINBoQYwXsCGJt5aFp0zS6w+CAG0snsQc:6IJHoph5CBTCUUN6QYwZrH6VfAsQc
Static task
static1
Behavioral task
behavioral1
Sample
0815e4fcd9b75660891ec15ce119fa70N.exe
Resource
win7-20240705-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7480851360:AAFGFIgeYioB7dUKsMFuCrt400Zxu2IugeM/sendMessage?chat_id=6070006284
Targets
-
Target
0815e4fcd9b75660891ec15ce119fa70N.exe
-
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-