General
-
Target
638264250924PDF.exe
-
Size
1.2MB
-
Sample
240925-xcap6athqh
-
MD5
7a2586f54288a95dc01fca7aa8a3bf54
-
SHA1
ac4cd20889afaccac8794fa54f8beb945c0e3526
-
SHA256
c576d03129a4176c8efb8a20f88b9183a4b9503670592295a9aae8b64e9c98d8
-
SHA512
f742cfccdd0816f637e54084e38c6a373d9a87bcbb3007059ea10b067c41848ece12de791719ca2ed8759250bb0dedda2b5639b086083d8d21ee3671cf5b748f
-
SSDEEP
24576:2RmJkcoQricOIQxiZY1iaG+1yg+hfOTeRs1KizY9Y3TMNag1wI:TJZoQrbTFZY1iaG+1zS4KizYC3z9I
Static task
static1
Behavioral task
behavioral1
Sample
638264250924PDF.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
638264250924PDF.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
m1.wcloud.ro - Port:
587 - Username:
[email protected] - Password:
dobden2020@ - Email To:
[email protected]
Targets
-
-
Target
638264250924PDF.exe
-
Size
1.2MB
-
MD5
7a2586f54288a95dc01fca7aa8a3bf54
-
SHA1
ac4cd20889afaccac8794fa54f8beb945c0e3526
-
SHA256
c576d03129a4176c8efb8a20f88b9183a4b9503670592295a9aae8b64e9c98d8
-
SHA512
f742cfccdd0816f637e54084e38c6a373d9a87bcbb3007059ea10b067c41848ece12de791719ca2ed8759250bb0dedda2b5639b086083d8d21ee3671cf5b748f
-
SSDEEP
24576:2RmJkcoQricOIQxiZY1iaG+1yg+hfOTeRs1KizY9Y3TMNag1wI:TJZoQrbTFZY1iaG+1zS4KizYC3z9I
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-