General
- Target: 35c85d14d32575890c8ed8b5514a2b559778e932abbca0f47c54f0ffac1528e1.uue
- Size: 869KB
- Sample: 240926-bs8fgayfpl
- MD5: 4e3f1140aa864113a3094f913b80c5bd
- SHA1: 8d0a8375a041293daea952a4ff9d8d6a22701a1c
- SHA256: 35c85d14d32575890c8ed8b5514a2b559778e932abbca0f47c54f0ffac1528e1
- SHA512: 99c9a9c02f4a65319ebf29cd8da84ac146bb4b8e99d290e0dbffe7da23653dbfe1648e5a91becc84cc9650d73d968a0d4aa23a4d1e6de1c3d380580b059716a1
- SSDEEP: 24576:w2Z/8wBZQqN6Xc2RD6th6KNdiCpkuPS76ERSJ:w298EZQa2UddiF76EoJ
- Static task: static1
- Behavioral task: behavioral1
  Sample: doc17000320240923070456.exe
  Resource: win7-20240903-en
- Behavioral task: behavioral2
  Sample: doc17000320240923070456.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.osconsupplies.com
- Port: 587
- Username: [email protected]
- Password: Fin#OSCn@2k2
Extracted
vipkeylogger
Targets
- Target: doc17000320240923070456.exe
- Size: 1.2MB
- MD5: 672e1968d4e6f0e763497659b0a20c4a
- SHA1: 857a01cbf3e530bbff46d7edf0fdad047463f097
- SHA256: 9d49009863fc15ea98c88541cc2038b71f28a4510d1ec4dab2ab9a137bf002cf
- SHA512: 07680c9ca4c33d18d0811fc03df0dbf01eba2dcbb7f2370fc58108eedf6aacfbae1497ea9c38d87301ef47a22e76121f983a10a78a74c5f280f7f2c4c2399a65
- SSDEEP: 24576:uRmJkcoQricOIQxiZY1iaCktaC+FyzRngMPYJopIHzJDPxV:7JZoQrbTFZY1iaCktaizRnpgOIH1PxV
- Score: 10/10
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext