General
Target: bfa52b7224ee898d9a5289e772fc2fde1bd9d59e74c2dbc104ec6231fb98abcc
Size: 623KB
Sample: 240924-mgxels1dkr
MD5: 640d647a9d3b300f99eb950d47d8f88c
SHA1: bda0c3af77b17044615dc708716f2873bcf0c508
SHA256: bfa52b7224ee898d9a5289e772fc2fde1bd9d59e74c2dbc104ec6231fb98abcc
SHA512: 33d3856967f6578511439cc17de2f0a850bd9a6eac7442015f4c0cadee5ef1b4ee09780e57242ee1805f00feb9b1d71d3d6256a53520b0b66b475db783bb5550
SSDEEP: 12288:RWcIxlbIvH9J6qDF+oN8dlINqOUcvVECSWAbsEWvRCWz4TYs6bDKlOKr5Xri:ocIxlEvH9l+nd6lGCHEWJCW06GOKrNe
Static task: static1
Behavioral task: behavioral1
Sample: Request for Quotation - NPN 80024835 document.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: Request for Quotation - NPN 80024835 document.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted: vipkeylogger
Protocol: smtp
Host: cp1.virtualine.org
Port: 587
Username: [email protected]
Password: 7213575aceACE@@
Email To: [email protected]
Targets
Target: Request for Quotation - NPN 80024835 document.exe
Size: 3.3MB
MD5: 0f00ba4a887b730b19d98989bccdb1e7
SHA1: 15d9a8396eba164894033c81c0c790bbf190169e
SHA256: dc354b9f79ee0ccd712f7169a4fc0a9c6d7d60a3d5667bf9008132068d9beee5
SHA512: 041bd2d7f4abf9a62915b49568d70a66dd38565c0eaac88911a0dd977155dd275989b2e4779729e08df89200cd19276dbfbd12e4c2313599674937b4e11d0f5d
SSDEEP: 12288:gII7lJ6vv136qD5+oz8dFINSOScvByCSe2VeEWXXCIp45YWebRKVOKBhh:/I7l8vv1P+/dmHUCXEWnCIYe+OKBD
Score: 10/10
VIPKeylogger
    VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext