General
Target: dab8a35e31c2059c2070c1ac0f624b208c396d6debb3f63c8eea5d54cce5aaef.exe
Size: 1.0MB
Sample: 240903-c8s66awfng
MD5: f17de66b33be33361fbd073e8751042f
SHA1: e8f417ebb6b074bc21fc77b7f158347c2237ce65
SHA256: dab8a35e31c2059c2070c1ac0f624b208c396d6debb3f63c8eea5d54cce5aaef
SHA512: 808a17ce8ebc84f182fc1e1e6a60e9003a23fae928d19c48ac1d18f0d725a315a9e2542b4c20dca1e98c5a19245bcf52e9fbc0a5a789b3aa0b319e12f4fbb5a7
SSDEEP: 24576:XqDEvCTbMWu7rQYlBQcBiT6rprG8aBR/KiSUZ:XTvC/MTQYxsWR7aBlnT
Static task: static1
Behavioral task: behavioral1
Sample: dab8a35e31c2059c2070c1ac0f624b208c396d6debb3f63c8eea5d54cce5aaef.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: dab8a35e31c2059c2070c1ac0f624b208c396d6debb3f63c8eea5d54cce5aaef.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot6771753441:AAEtW-sv17Uhb9H07XMq_7Iqh1LR5PcwQJ0/sendMessage?chat_id=1928664850
Targets
Target: dab8a35e31c2059c2070c1ac0f624b208c396d6debb3f63c8eea5d54cce5aaef.exe
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, the web browser credential store.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-