General
Target: 103e969c365b0603d89a259f30984820N.exe
Size: 769KB
Sample: 240902-kefyqsxcnd
MD5: 103e969c365b0603d89a259f30984820
SHA1: 72fe563bf69448c02b1d70b9b09320295cb28c64
SHA256: 7e0c2873e65dda6ec572bd59b846d794aba1c16746676f2c7e378e2aa96bb1ae
SHA512: bbebda62a833a39050471be3e656340b2fd695ded0fba1914ebc8efe8224e6678bd90e29750171f461ebfe56de3732000cd60c7c1d76f47d7d8fb67c61e45165
SSDEEP: 24576:0jwdGKe/eqF2VveP2ES6YOecDYWnpTI5GIax/Lkl07N:00dMCve2TOeuvpT4raOG

Static task: static1

Behavioral task: behavioral1
Sample: 103e969c365b0603d89a259f30984820N.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 103e969c365b0603d89a259f30984820N.exe
Resource: win10v2004-20240802-en

Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7204444211:AAFfPnSoEnQ7t4FKDH0Jch2gKTwGo4oCCAs/sendMessage?chat_id=2065242915
Targets
Target
103e969c365b0603d89a259f30984820N.exe

VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.

Credentials from Password Stores: Credentials from Web Browsers
Malicious access to or copying of the web browser credential store.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext