General
-
Target
4b7224e2ef816708dd67a74f1cb422b0d06da9201555a19dc65f614088cf73c9N
-
Size
422KB
-
Sample
240930-bsd7mavcmd
-
MD5
e3eae1b0be50a137a3cffa184ea452b0
-
SHA1
d5fa5caaa57bd916c52801ca76f13d71b2d25b77
-
SHA256
4b7224e2ef816708dd67a74f1cb422b0d06da9201555a19dc65f614088cf73c9
-
SHA512
50053ee36efd0dab7a107753d042a7c84a43066d39723d7b104b962f797c843decf947ff414b89ff892f9ffda0d9519b7b98d84e3fcf935da0ce8bed339f462f
-
SSDEEP
12288:FDf0Cm2MGeKbl0rDhO7eWDMp/EqdEkfkxksRM7yuYzup/:1RLeKbGlceiMH8Pey1c/
Static task
static1
Behavioral task
behavioral1
Sample
TLS20242025.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
TLS20242025.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: mail.makupachemists.co.ke
Port: 587
Username: [email protected]
Password: Makupa@2030#
Email To: [email protected]
Targets
-
Target
TLS20242025.exe
-
Size
898KB
-
MD5
bfabeaf94d00b7c6b4af9aa3463ff5a5
-
SHA1
0d9341d70a1e7e90c62ebcef43d1fcd2cf1b3506
-
SHA256
e03a2edda2530392f416b8d64b85a3ae890120e6c6d08317d21ac133576cb45d
-
SHA512
7058bf27c2fb70b564d2ac56a6be82b894abf911167c5d979049cf73c7ecd512ae392f84341d837747f0ba19428ae83c546c0e3e1727c0faad72f63bf47c6cf1
-
SSDEEP
12288:nQTfnBGYPexcjnR+iBlVDruhxBdae9yAaeNhmXGj4qSOU:4BGYWxcjRJPruhxBzUAi1zOU
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext