General
Target: tmtzxc.doc
Size: 590KB
Sample: 241001-r27hjavcjp
MD5: 08d1a4e26971fd55013dbc7d2744b2a5
SHA1: dd813694fc67b536f242ae7dd3deff14458b82ba
SHA256: fd1ca8e9ebe962f23b55669ea495bdb32073b7359031e80a7067d387c0bfa8dc
SHA512: 3c34748ed68738a24d6c7f1482b4b2f5a26fb6c2a85a1fc0a5303123928fb56974532af9d43b9bb9027558a03be79cf31b48a0c4cb28c41fd833f25e8bb035b6
SSDEEP: 3072:nsa7eTzUetoCmiSHnm3WscLmvSVs+aN0X4rP55:nsYeXSG3WscLmvSa+aNyG55
- Static task: static1
- Behavioral task: behavioral1 (sample: tmtzxc.rtf, resource: win7-20240903-en)
- Behavioral task: behavioral2 (sample: tmtzxc.rtf, resource: win10v2004-20240802-en)
Malware Config
Extracted: vipkeylogger
- Protocol: smtp
- Host: mail.cybertechllc.top
- Port: 587
- Username: [email protected]
- Password: 7213575aceACE@@
- Email To: [email protected]
Targets
Target: tmtzxc.doc
Size: 590KB
Score: 10/10
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext