General
-
Target
96a414f408bf9ccc9b692b2dc5a4faa115e752edecdd5f2292c3135eee522b93.exe
-
Size
700KB
-
Sample
240926-chal5a1bnp
-
MD5
9d2a73cf8ebd46cc833de56c9940d0b7
-
SHA1
b5b76de46b9d3175c21dc5963fa5c3e85ca29996
-
SHA256
96a414f408bf9ccc9b692b2dc5a4faa115e752edecdd5f2292c3135eee522b93
-
SHA512
c7bf6b079f7d894c9fefe4c17449c76f8b9533f11521b66b4ceb7c1d9f03b2cad3bf727a56ea0b7ec6105d0f4bc91a8dae7f44dab07a193cb458e22dd3b1dc6f
-
SSDEEP
12288:Gd71xg6zxcZOtyG5t4naxZvbUL0YIevp5sFy446x/pVM876/pBL0Of+E1pDjw:v6ziZGgnax9bUL0Cvok44ALL0fzf1U
Static task
static1
Behavioral task
behavioral1
Sample
96a414f408bf9ccc9b692b2dc5a4faa115e752edecdd5f2292c3135eee522b93.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
96a414f408bf9ccc9b692b2dc5a4faa115e752edecdd5f2292c3135eee522b93.exe
Resource
win10v2004-20240910-en
Malware Config
Extracted
vipkeylogger
- Protocol: smtp
- Host: mail.bellstone.in
- Port: 587
- Username: [email protected]
- Password: N % m @, . , .2 0 2 10 7
- Email To: [email protected]
Targets
-
-
Target
96a414f408bf9ccc9b692b2dc5a4faa115e752edecdd5f2292c3135eee522b93.exe
-
Size
700KB
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-