General
-
Target
1fdaed5b8ab899d562cc02742f56ae5ee1099dbdabda16bc399d07f4de7cf81d.exe
-
Size
1.2MB
-
Sample
240926-bl1r2s1frf
-
MD5
bdfe2ec12bd1484da6771e1862f7a7cc
-
SHA1
ffe2ca6d0e9ff913c160b76261f5d55bedf0b278
-
SHA256
1fdaed5b8ab899d562cc02742f56ae5ee1099dbdabda16bc399d07f4de7cf81d
-
SHA512
cca00ddc1c6feb851123582af080217d006d41a03dc96efb86c7f94a1b0714c283835f04c59a612e91128a42d30e9838ee07e73d713de7a8297220d2c3b6dde8
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaCTnQUPskpg4c6OOXSp6rDX7a+sG7nx3:7JZoQrbTFZY1iaCTLEENGd6rDX7RsGx
Static task
static1
Behavioral task
behavioral1
Sample
1fdaed5b8ab899d562cc02742f56ae5ee1099dbdabda16bc399d07f4de7cf81d.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
1fdaed5b8ab899d562cc02742f56ae5ee1099dbdabda16bc399d07f4de7cf81d.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7204444211:AAHhCv47hRiqEWkkF-hzrMRRq69HpYbFD5Y/sendMessage?chat_id=2065242915
Targets
-
-
Target
1fdaed5b8ab899d562cc02742f56ae5ee1099dbdabda16bc399d07f4de7cf81d.exe
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-