General
-
Target
26092024_0022_25092024_Placanje_09242024.jpg.img
-
Size
1.8MB
-
Sample
240926-an666sygrf
-
MD5
b5653a8d6c545707563cacafbf2dfdcc
-
SHA1
f9f6cba09d2de348dae6899f901d7e5219e37e71
-
SHA256
64171f2d01482c0a9897285cd229ee172f3efa4638e67fae85bd29b05ff78231
-
SHA512
23d94bfa6061f5426f521677464202596ed43fee11e2cd1365505b6a151481675720716e077707df8921935b4faef765b1ffcb76681a406cf653b8a8439a5e48
-
SSDEEP
24576:zRmJkcoQricOIQxiZY1iaCy+d+ZcUd03vg5iofN7ayaMed5SS:AJZoQrbTFZY1iaC2cUd6WN7afMed5S
Static task
static1
Behavioral task
behavioral1
Sample
Placanje_09242024,jpg.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Placanje_09242024,jpg.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: mail.dataservice.tv
Port: 587
Username: [email protected]
Password: JH45!n31dSw2
Email To: [email protected]
Targets
-
-
Target
Placanje_09242024,jpg.exe
-
Size
1.2MB
-
MD5
f346359c143ffa9016bab7bf102a0d8f
-
SHA1
febbcb2cdda48b40529755ccfcb580c2f997471f
-
SHA256
c65f84d8ef98b362fc1126e29c16b2e24ae336b7fbf208294940466dd6c61629
-
SHA512
50377d22e5c2f6d919f3f7cf6506f90d3e805acb5ff84e99e76463e8f00151aa1f2254cf5e9c00520113023043f8df0b553156185f4a45523237a0f49524d2d6
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaCy+d+ZcUd03vg5iofN7ayaMed5SS6:7JZoQrbTFZY1iaC2cUd6WN7afMed5S7
Score 10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-