General
Target: 250920240826WORFSF1432409171532042.tar
Size: 853KB
Sample: 240925-wg71sayenl

Static task: static1

Behavioral task: behavioral1
Sample: WOR-FSF-143_240917_153204 (2).exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: WOR-FSF-143_240917_153204 (2).exe
Resource: win10v2004-20240802-en

Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7204444211:AAHhCv47hRiqEWkkF-hzrMRRq69HpYbFD5Y/sendMessage?chat_id=2065242915

Targets
Target: WOR-FSF-143_240917_153204 (2).exe
Size: 1.2MB
Score: 10/10

VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext