General
Target: PO-2602.exe
Size: 1.2MB
Sample: 240930-kq132swcqj
MD5: e3322029b312a55d39c8f73f3ceab24e
SHA1: 0a360cc0925d129389ab86dc3dc9a315f40824f3
SHA256: 57bafeb2917ee325369b84c0908cd0d2368a053d60a909cacc3e4b34e14c5dc0
SHA512: f5cf3b0dfcfe871362328c78bc893c9b6fc2eee51dd3cf2bbf82cbeec8aed05a1b3ca545dd0ebf93e9bccb68cc7d75e4cf4332ac958952ee4b8a8cbf1ec6b159
SSDEEP: 24576:uRmJkcoQricOIQxiZY1iaCiFH2nugtHYWQAwNeoVC1JkI:7JZoQrbTFZY1iaC6gtHRQAwhIJ
Static task: static1
Behavioral task: behavioral1
Sample: PO-2602.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: PO-2602.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7204444211:AAHhCv47hRiqEWkkF-hzrMRRq69HpYbFD5Y/sendMessage?chat_id=2065242915
Targets
Target: PO-2602.exe
Score: 10/10
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext