General
-
Target
2b0bcf9e108013c5975c56642984a7e5faec8173b87f6671461c98ed3ba75a84.exe
-
Size
1.2MB
-
Sample
240926-bqbzgs1hpa
-
MD5
f5dfde6ad31a771c96b361f25cb13940
-
SHA1
9331a1f3001723f5019a44c3464bcb82e77af9a2
-
SHA256
2b0bcf9e108013c5975c56642984a7e5faec8173b87f6671461c98ed3ba75a84
-
SHA512
e18b3a9bb4b3fa4051ea7545f986a7c15ac74b40ed4e3a0a773a1deca1ba37844cf00a3e67b36b0cf90d618f9634ee4c8644eb2b65459d0f21698d75010f9bb8
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaCHhUCEkrtxt2lajjrZiDPvDJJ/V5Lq970:7JZoQrbTFZY1iaC6krcGrZiDXFJ/j2x0
Static task
static1
Behavioral task
behavioral1
Sample
2b0bcf9e108013c5975c56642984a7e5faec8173b87f6671461c98ed3ba75a84.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2b0bcf9e108013c5975c56642984a7e5faec8173b87f6671461c98ed3ba75a84.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: m1.wcloud.ro
Port: 587
Username: [email protected]
Password: dobden2020@
Email To: [email protected]
Targets
-
-
Target
2b0bcf9e108013c5975c56642984a7e5faec8173b87f6671461c98ed3ba75a84.exe
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-