General
-
Target
31814c711a3d0dcc1688603c1bf885d8ae5313db47613f144fefad7f3faf5c2f
-
Size
792KB
-
Sample
240927-hr1skatckh
-
MD5
551ddf29e4583c344312a6456a3f2d5a
-
SHA1
23bdb3498dd150c84fe8433a534989fdde3c0d5f
-
SHA256
31814c711a3d0dcc1688603c1bf885d8ae5313db47613f144fefad7f3faf5c2f
-
SHA512
4f392d631e6cab78fe43ef36cce27a7996265564ef44cbc88b0ec6f7e2fde5a22b87005c48622c4c94890b5d56d44f2193aa0f9ebd6ab2bd17d66a1ef7dcf685
-
SSDEEP
24576:CEQyl8zfv2GjJmnEm1bhnW0ge9AJdF0hip+rt0dn7KB4:CCfqJmEmhhWvaWGhMtEB4
Behavioral task
behavioral1
Sample
PIT87678900098000.scr
Resource
win7-20240903-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7339564661:AAFzTB6gEWMndjXYyD5LCn17UEBISRR8wDI/sendMessage?chat_id=6443825857
Targets
-
Target
PIT87678900098000.scr
-
Size
807KB
-
MD5
c225921062cb8749387cd03c7cf1486a
-
SHA1
2f5f025d3d77a7b7282e5a3e72810164a9b5966d
-
SHA256
84943f07b991e0b13893e5d9f5795d1e7a70a486318c5106a0fee6fed67904c5
-
SHA512
1757e73549dd61897e47ecb7e5e879e1f48f0623c57b1ccff7cfc1999e90ad21b65848f9fa2e6fb67964177f045be0755179c37c9ab87274fb80d26b0a8d49fe
-
SSDEEP
24576:tthEVaPqLxA5nG0QeJAVR/YhipCPTO3VzKNH:VEVUcq5GJooAhMfwNH
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-