General
-
Target
dfebfd3149e14918a751a6b5cab7327168cfca7db31fbbf5c1f5a11c1fbf1d14N
-
Size
1.2MB
-
Sample
241003-cmnpjsshmh
-
MD5
51814cf41310b66113844b967c1146f0
-
SHA1
dd56ce15e8c4ed0c4e61aec6ae1cd0915bf6d2c3
-
SHA256
dfebfd3149e14918a751a6b5cab7327168cfca7db31fbbf5c1f5a11c1fbf1d14
-
SHA512
eae90cd0acadeb31134db93cf209867b3fde6d10118b11d5875107ef7c2dd99aadf87ae91b094a035f27674d38a86fb9f034f5515e6b52d8359c1ca9a00b41ff
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaCnmV5SY6QjL93/6FWu9vH1C5+ANA2uRghohzz53b:7JZoQrbTFZY1iaCsSYHv6FWcvH10+SAR
Static task
static1
Behavioral task
behavioral1
Sample
dfebfd3149e14918a751a6b5cab7327168cfca7db31fbbf5c1f5a11c1fbf1d14N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
dfebfd3149e14918a751a6b5cab7327168cfca7db31fbbf5c1f5a11c1fbf1d14N.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7204444211:AAHhCv47hRiqEWkkF-hzrMRRq69HpYbFD5Y/sendMessage?chat_id=2065242915
Targets
-
-
Target
dfebfd3149e14918a751a6b5cab7327168cfca7db31fbbf5c1f5a11c1fbf1d14N
-
Size
1.2MB
-
MD5
51814cf41310b66113844b967c1146f0
-
SHA1
dd56ce15e8c4ed0c4e61aec6ae1cd0915bf6d2c3
-
SHA256
dfebfd3149e14918a751a6b5cab7327168cfca7db31fbbf5c1f5a11c1fbf1d14
-
SHA512
eae90cd0acadeb31134db93cf209867b3fde6d10118b11d5875107ef7c2dd99aadf87ae91b094a035f27674d38a86fb9f034f5515e6b52d8359c1ca9a00b41ff
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaCnmV5SY6QjL93/6FWu9vH1C5+ANA2uRghohzz53b:7JZoQrbTFZY1iaCsSYHv6FWcvH10+SAR
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-