General
Target: d7ea65fb9c018f20cff23dc97bb8a9a6818e97c333a5485142f2e0210be204e1N
Size: 897KB
Sample: 240930-2ldwdsycnk
MD5: 41e96a8eabf31d7b5abbeb15d5307b40
SHA1: 0c406ef15662e8580a724ef05dfb04d76c222c9c
SHA256: d7ea65fb9c018f20cff23dc97bb8a9a6818e97c333a5485142f2e0210be204e1
SHA512: 9912ba11bef1e1b084d88e852e538e054c61878300993a35de859d44c35600d262c43432a76ba72ec087258fcdd20624bdf9faf3f87c34e5dfe17b3d3c824ed4
SSDEEP: 12288:uQTfJcX7m2QriOBq7bP7BqHwd//AulzaeNhmXGj4qTOU:+Xi2DgqBqQhAulzi1yOU
Static task: static1
Behavioral task: behavioral1
Sample: d7ea65fb9c018f20cff23dc97bb8a9a6818e97c333a5485142f2e0210be204e1N.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: d7ea65fb9c018f20cff23dc97bb8a9a6818e97c333a5485142f2e0210be204e1N.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: Yx74dJ0TP3M=
Port: 25
Username: Yx74dJ0TP3M=
Password: Yx74dJ0TP3M=
Email To: Yx74dJ0TP3M=
https://api.telegram.org/bot6836590615:AAFwcOu-vD49QRMuWGekV93uJdtVWmZdWUw/sendMessage?chat_id=5007084465
Targets
Target: d7ea65fb9c018f20cff23dc97bb8a9a6818e97c333a5485142f2e0210be204e1N
Score: 10/10
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext