General
-
Target
Unmovablety.exe
-
Size
541KB
-
Sample
240902-lfl2taxbqk
-
MD5
f1f60d1a0e1fb37935260f7404efb573
-
SHA1
6cbf09ce82885ae8a3006a8c1b0a86ad42d4e55c
-
SHA256
94410d4feaedbb9e2d405cedf3d950c83b0a1d9e0546ba536c5f5ff45c38898e
-
SHA512
ff29bc44c8b930a9ee9da6f2e26a2a01af1a38d805e8d6ead9115faa92aa10c198ed12339f79c583743dc7919114be15fddf8cad35eb2cc7c69f2dd87764bae4
-
SSDEEP
12288:WZYdCQrWEIxoOOpSRB1fVFGBMLSn0RrvXKCFfaM3ivOqjz:W2dCQpPpS9fVFGBMLI0l62yMyvO6z
Static task
static1
Behavioral task
behavioral1
Sample
Unmovablety.exe
Resource
win7-20240729-es
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7480851360:AAFGFIgeYioB7dUKsMFuCrt400Zxu2IugeM/sendMessage?chat_id=6070006284
Targets
-
-
Target
Unmovablety.exe
-
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-