General
-
Target
e9ace32d560ccb49b108664effb7ee9115128193441591de57ccdade2e8c7add
-
Size
1.2MB
-
Sample
240924-tc5zhsvfrh
-
MD5
8ea503dc9ccd406e8be7900aa0baf314
-
SHA1
705329e99306193c5d92c75d27991564c80bc0c3
-
SHA256
e9ace32d560ccb49b108664effb7ee9115128193441591de57ccdade2e8c7add
-
SHA512
7b7d9051d6b638813b515b3b6fc34dff2ad7500b7e63842fcf56e3abfe1ec84198ec9208b9e91360ba463e17f73000333e676ab76d1e2ae00dbd3bbecd2d5a89
-
SSDEEP
24576:47mrlN5UlxU7qwtMc3lKXX1MOeZ3IMB9aQMcVPJiocCNv+2qldfd9:4gNilxU7q4McV2RDM/HRhioH+2cT
Static task
static1
Behavioral task
behavioral1
Sample
Bank Details.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Bank Details.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
Bank Details.exe
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
Bank Details.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: mail.volleymarketing.com
Port: 25
Username: [email protected]
Password: volley@1234
Email To: [email protected]
Targets
-
-
Target
Bank Details.exe
-
Size
3.1MB
-
MD5
a6e4e89f00d68be02f99096e2a4a7354
-
SHA1
4e3a9c9642b81afb1796456f469351fb9206f6a6
-
SHA256
8e4c8220da40890346882eb27edbe5072ac81e47c2a78f4bc57dea2c4a7c7c4f
-
SHA512
ce5de98ba70b480f3f30c425f20ab767e67b0c1c6a0e8fa644edb40bc07d442c7f37f2276e239c763c34571c8980f7985675e6e82a95351c029da80905d85ed3
-
SSDEEP
12288:lzIuqPC3I1HwB/PhoNYXCMRIOxpbzJucOLCb3c2ZL/QgW0H0dhU:lz93IqBRogimbzJuccCb3c2K9dhU
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-