General
Target: P.I.rar
Size: 777KB
Sample: 240930-nqasmsshml
MD5: 077c95f63d1afc0bcdb8e90950266d35
SHA1: 44cb2638939945e91756028c7e3ecfb0f2fb4a70
SHA256: cc0aae85f487ba5223113115f450b48fad440ea76a775da472a65a3f3a92e980
SHA512: 0c649461b0fc28b49734bc2ecff4c672cd6801f67e927e7e7c1ce382b7b74639b0eef0a440be8a3c16a0bd97cef74d7d56db1678e44c9081b845bfd33940889a
SSDEEP: 24576:XGxnWXbE/a4NlkAweI7+0oQ2RhEm8wmp9vO2m5z6:XBE/aiqejPRF8hzv33
Static task: static1
Behavioral task: behavioral1
Sample: P.I.exe
Resource: win7-20240903-en
Malware Config
Extracted: vipkeylogger
Protocol: smtp
Host: mail.terrazza.hr
Port: 587
Username: [email protected]
Password: Vodenjak123!
Email To: [email protected]
Targets
Target: P.I.exe
Size: 805KB
MD5: b6468b8eaaaebf85fa865fc21916f188
SHA1: 635f172f33361c94f19e320f3f0361956a81127f
SHA256: 3e39fdec85324251b3a2884f774f3427dddae31b9fca625ff3a7c4045ce4c9ef
SHA512: fd03e7e3c5eb08de6be8089a9653b5a8973c2db984557fc55442a03b1eb4754686c6ebb80afa9f172a0d565bc5db9b3f6118d9171c93e7a850709610bc6cf1b3
SSDEEP: 12288:0CVTcsOSgBDm70Wxw2MKLtSGDvQhZybpi/3Qh0Uk7umqpo32nm3G4JxoZtWt:/VTcsrgw7de4SUviyw//7W2Gnm3Tw2t
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
  Creates a thread with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER, so the thread never reports debug events to an attached debugger.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Sets ThreadHideFromDebugger on an existing thread; the same anti-debugging effect as above, applied after creation.
- Suspicious use of SetThreadContext
  Rewrites a thread's register state, a step commonly used to redirect execution in process hollowing and similar injection techniques.
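The three thread and context signatures above (NtSetInformationThread with ThreadHideFromDebugger, NtCreateThreadEx with the hide-from-debugger flag, SetThreadContext), together with the external-IP lookup signature and the SMTP exfiltration config earlier in the report, are the kind of behaviour a sandbox recognises from the sample's API-call trace. The Python below is an added example written for this page, not the sandbox's own signature engine: it runs equivalent heuristics over a constructed trace whose line format (pid|api|key=value,...) is invented for illustration. The IP-lookup host list and the process-hollowing chain check (which generalises the single SetThreadContext signature to the full suspended-create, unmap, write, SetThreadContext, resume sequence) are assumptions of mine, not signatures the report raised; the numeric constants are the documented Windows values.

```python
"""Heuristic matching of sandbox-style signatures over an API-call trace.

Added example for this page, not the sandbox's own detection code. The
trace format (pid|api|k=v,k=v) is constructed for illustration and is not
the real log format of any sandbox. Constants are the documented Windows
values:
  THREADINFOCLASS ThreadHideFromDebugger   = 0x11
  THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER   = 0x4
  CREATE_SUSPENDED (CreateProcess dwFlags) = 0x4
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

THREAD_HIDE_FROM_DEBUGGER = 0x11
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4
CREATE_SUSPENDED = 0x4
SMTP_PORTS = {25, 465, 587}

# Assumed list of legitimate "what is my IP" services that stealers query.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ip-api.com", "icanhazip.com"}

# Ordered API chain characteristic of process hollowing (an assumed heuristic
# that goes beyond the single SetThreadContext signature in the report).
HOLLOW_CHAIN = ("CreateProcessW", "NtUnmapViewOfSection", "WriteProcessMemory",
                "SetThreadContext", "ResumeThread")

# Constructed sample trace, modelled on the behaviour the report flags.
SAMPLE_TRACE = """\
4120|NtSetInformationThread|ThreadHandle=0xfffffffe,ThreadInformationClass=0x11,Length=0
4120|NtCreateThreadEx|ProcessHandle=0xffffffff,CreateFlags=0x4,StartRoutine=0x401000
4120|CreateProcessW|Image=P.I.exe,Flags=0x4
4120|NtUnmapViewOfSection|ProcessHandle=0x1a4,BaseAddress=0x400000
4120|WriteProcessMemory|ProcessHandle=0x1a4,BaseAddress=0x400000,Size=0xc9000
4120|SetThreadContext|ThreadHandle=0x1a8,Eip=0x4125a0
4120|ResumeThread|ThreadHandle=0x1a8
4120|InternetOpenUrlW|Url=http://checkip.dyndns.org/
4120|connect|Host=mail.terrazza.hr,Port=587
"""

LINE_RE = re.compile(r"^(?P<pid>\d+)\|(?P<api>\w+)\|(?P<args>.*)$")


def parse_trace(text):
    """Return a list of (pid, api, {arg: value}) tuples; malformed lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        args = dict(kv.split("=", 1) for kv in m["args"].split(",") if "=" in kv)
        calls.append((int(m["pid"]), m["api"], args))
    return calls


def _int(value, default=0):
    """Parse a decimal or hex argument such as '0x11' or '587'; unknown -> default."""
    try:
        return int(value, 0)
    except (TypeError, ValueError):
        return default


def match_signatures(calls):
    """Map a parsed trace to the sorted list of signature names it triggers."""
    hits = set()
    stage = defaultdict(int)  # per-pid progress through HOLLOW_CHAIN
    for pid, api, args in calls:
        # Key on the information class, not the API name: other classes are benign.
        if (api == "NtSetInformationThread"
                and _int(args.get("ThreadInformationClass")) == THREAD_HIDE_FROM_DEBUGGER):
            hits.add("Suspicious use of NtSetInformationThreadHideFromDebugger")
        if (api == "NtCreateThreadEx"
                and _int(args.get("CreateFlags")) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER):
            hits.add("Suspicious use of NtCreateThreadExHideFromDebugger")
        if api == "SetThreadContext":
            hits.add("Suspicious use of SetThreadContext")
        if api in ("InternetOpenUrlW", "HttpOpenRequestW", "WinHttpOpenRequest"):
            host = urlsplit(args.get("Url", "")).hostname or ""
            if host.lower() in IP_LOOKUP_HOSTS:
                hits.add("Looks up external IP address via web service")
        if api == "connect" and _int(args.get("Port")) in SMTP_PORTS:
            hits.add("Outbound SMTP connection (possible credential exfiltration)")
        # Hollowing chain: advance only on the next expected call, and require
        # CREATE_SUSPENDED on the CreateProcess that starts the chain.
        if stage[pid] < len(HOLLOW_CHAIN) and api == HOLLOW_CHAIN[stage[pid]]:
            if api != "CreateProcessW" or _int(args.get("Flags")) & CREATE_SUSPENDED:
                stage[pid] += 1
                if stage[pid] == len(HOLLOW_CHAIN):
                    hits.add("Process hollowing chain (suspended create -> unmap -> "
                             "write -> SetThreadContext -> resume)")
    return sorted(hits)


def scan(text=SAMPLE_TRACE):
    """Parse and match a trace; defaults to the constructed sample."""
    return match_signatures(parse_trace(text))


if __name__ == "__main__":
    for sig in scan():
        print(sig)
```

Run it directly to print the signatures matched on the constructed trace, or call scan() with your own trace text in the same format. The hide-from-debugger checks key on the ThreadInformationClass and CreateFlags values rather than the API names, because NtSetInformationThread and NtCreateThreadEx are called constantly by benign code; the hollowing check likewise requires CREATE_SUSPENDED on the initial CreateProcessW before it will follow the chain.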