General
Target: 7c1ad8a54344a8a03746095e7c599266cf9c0a7d62b87e9b3e4a677e70539ed9
Size: 536KB
Sample: 240903-mcyf4svfpf
MD5: 43250fd2686374021b7e5f2115c25804
SHA1: 94d018be9a9c79285c6e4e5e0ce0afa6772ea08d
SHA256: 7c1ad8a54344a8a03746095e7c599266cf9c0a7d62b87e9b3e4a677e70539ed9
SHA512: 5c793b4cbc90dfbcc50ad12c90fd036fc20f57ed59f8043dd8987cb1a370467967a7c4ca1e6ca7fa72f60fd60dc48b8686714fb4815be7c465060e860096b1ce
SSDEEP: 12288:K/nbhailLak44/I46g33kyDxnjVF+mfKJYdFSmyXFFhDsOfOw9PmQ3v:KfbLlt/G635nRF+kHdEmcFFhDF3Jm6
Static task: static1
Behavioral task: behavioral1
Sample: Skrumle.exe
Resource: win7-20240903-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot6514469045:AAGgK1KLWbAJZ7dNmeGHg2OB9PfOTjGrT08/sendMessage?chat_id=6070006284
Targets
Target: Skrumle.exe
Size: 549KB
MD5: 278b43ed6614a0e9c3aff6f71413ec3e
SHA1: 5a7f4d176616ddab152a042a0b51dc749342f234
SHA256: e6ef239f60467f0428bd611f70d544754a56143c661fa4a025b395f152575644
SHA512: 274296754d8d2167f92f82e06a577162e8aafef1ad2abeadd1d62e291b4ca932df8e1315916f9bd4f50d281ff7b0398a3b4cec2e99b38361261c9ce0feca3fc5
SSDEEP: 12288:WL7WI/16Qw1BP5eTTmvsKVzQInWdahufDou:WvW+16QG8sW5fcu
Score: 10/10
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext