General
Target: b816aee2dddb815d633c155c46bca42034ee6a1d6cd6a11e95a7613f25c5b573.exe
Size: 1.2MB
Sample: 240924-mdkawavalb
MD5: a6341915e2399564b7b8c054684eb043
SHA1: 2dd341b5cbd71a6422691a0a0cbb66b1831a780e
SHA256: b816aee2dddb815d633c155c46bca42034ee6a1d6cd6a11e95a7613f25c5b573
SHA512: d4025a6f96b2f66a85034cf1adc750796fb130470b3f1ae350ad8cfe30bd2f7cabcef5dc0445e35d18b5980ad9e6e765749bc263d9f85b4839ce634106f52432
SSDEEP: 24576:uRmJkcoQricOIQxiZY1iaCCCLMM+xGHB5r+iFvCDJESIWH4hoM:7JZoQrbTFZY1iaCCCLMM+xGHB5JFvCDg
Static task: static1
Behavioral task: behavioral1
  Sample: b816aee2dddb815d633c155c46bca42034ee6a1d6cd6a11e95a7613f25c5b573.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: b816aee2dddb815d633c155c46bca42034ee6a1d6cd6a11e95a7613f25c5b573.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.r011.com.br
Port: 21
Username: [email protected]
Password: akP?=r0&YaA)
Extracted
vipkeylogger
Targets
Target: b816aee2dddb815d633c155c46bca42034ee6a1d6cd6a11e95a7613f25c5b573.exe
Score: 10/10
- VIPKeylogger: VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext