General
-
Target
460c6ac1986040f231b38328d675e6a59459c8256d07dee9f6ac9b89baea773d.exe
-
Size
649KB
-
Sample
240903-bzwegsvbrg
-
MD5
f3bc4d185cf009d36d19faf6f683edde
-
SHA1
84caf78588dddc99ae38ff6e49f25647996f05b3
-
SHA256
460c6ac1986040f231b38328d675e6a59459c8256d07dee9f6ac9b89baea773d
-
SHA512
b5f85bfda6c79c7bacc709e90cf794a80ba9d3a460ebc0d85d2e41a03a0f0fb7b5cde7550fbc60f73dad278394f47cbbbd43807ce925a6fff485f3182aa226e4
-
SSDEEP
12288:fBKYvI8cbnlbviVApLEUB2pmz/9rKWqUhRKtJFArBWZlLhEkR:fOrdiWnB2gzFrKJUhqadWZNhj
Static task
static1
Behavioral task
behavioral1
Sample
460c6ac1986040f231b38328d675e6a59459c8256d07dee9f6ac9b89baea773d.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
460c6ac1986040f231b38328d675e6a59459c8256d07dee9f6ac9b89baea773d.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7256817951:AAG5xzjRW132Bmj7Hw7uBdVfNrFphoCAQEc/sendMessage?chat_id=6326208361
Targets
-
-
Target
460c6ac1986040f231b38328d675e6a59459c8256d07dee9f6ac9b89baea773d.exe
-
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-