General
- Target: cdd838b45d524d101528eb39a33e581998201df12a62db5c57d550f7dc20b16e.exe
- Size: 989KB
- Sample: 240924-mqldpsvelb
- MD5: 2d9e12038fbc6ecca8d73a6f6d55e7ff
- SHA1: 15e90442324db3b01818eda28ec701b5f3a23967
- SHA256: cdd838b45d524d101528eb39a33e581998201df12a62db5c57d550f7dc20b16e
- SHA512: 9ac5701e7b585bb536822e64dc6c1177e5d1b38f439fe1899d72b4923b4e045ada7a4f5d45d578893528222b4cbb9a2a6d1f31f6269ed65778f7149c15962862
- SSDEEP: 12288:ft4SNdTyUNhF0pM/4Uy2xui0M8dpFwVRhDiO9FhOGCJuiCLz8ZGbCh/gjT9vx9uU:L1YMaP1C8GbChy
Static task
- static1

Behavioral task
- behavioral1
  - Sample: cdd838b45d524d101528eb39a33e581998201df12a62db5c57d550f7dc20b16e.exe
  - Resource: win7-20240903-en

Behavioral task
- behavioral2
  - Sample: cdd838b45d524d101528eb39a33e581998201df12a62db5c57d550f7dc20b16e.exe
  - Resource: win10v2004-20240802-en
Malware Config
- Extracted (vipkeylogger): https://api.telegram.org/bot7886689522:AAEAstXIGqlMovFdOeUunu3QKnY0TQjsfNU/sendMessage?chat_id=6332556808
Targets
- Target: cdd838b45d524d101528eb39a33e581998201df12a62db5c57d550f7dc20b16e.exe
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.
- Drops startup file
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext