General
-
Target
4ffad08e9b831394159944b7c719bd9a80efcde000ebfa788de1a23f64007b91.exe
-
Size
1.2MB
-
Sample
240926-bx5kdasdnf
-
MD5
34280e3a145d8d865efedf422b568e46
-
SHA1
d5e2b2072a08a672d87446df36e513095945d151
-
SHA256
4ffad08e9b831394159944b7c719bd9a80efcde000ebfa788de1a23f64007b91
-
SHA512
20c33fc3b8ab2f6988bb8b149e625baad6d442b6e278ab0af1f4fe793272ccdf2803af503cf1e1e3ccd1da8503edfcf8d26745e685518d4b40023fb9c1dfa284
-
SSDEEP
24576:pRmJkcoQricOIQxiZY1iaJ+QdSbdZwy1mynIMrNdUtl85Pf:mJZoQrbTFZY1iaJB0zDIME6
Static task
static1
Behavioral task
behavioral1
Sample
4ffad08e9b831394159944b7c719bd9a80efcde000ebfa788de1a23f64007b91.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
4ffad08e9b831394159944b7c719bd9a80efcde000ebfa788de1a23f64007b91.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: )NYyffR0
Extracted
vipkeylogger
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: )NYyffR0
Email To: [email protected]
Targets
-
-
Target
4ffad08e9b831394159944b7c719bd9a80efcde000ebfa788de1a23f64007b91.exe
-
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-