General
Target: e5c5ddffae1ceeb78eeeeb7f993f1901ef1398a660fe9ee2cfd30af3e479a3fe
Size: 537KB
Sample: 241003-cvlvxstdjg
MD5: c205f177636255f49ebf0e8fc350acd9
SHA1: 213da57bd5a82bec552685cf3a0a8ef76d9ff370
SHA256: e5c5ddffae1ceeb78eeeeb7f993f1901ef1398a660fe9ee2cfd30af3e479a3fe
SHA512: 30d730671364436b420eafbe17ebce6f820f51023bbf81c7fe50a8ded1e662b5b77abf63510e69150fe180a62544487f446c56f49a6ba86a63072cc59768cfdc
SSDEEP: 12288:IIvvkkDXQjzz3sQIsDmS1l+6y0RWWX6tqb3tgey6ZzlsyLFp:XpAb3WYmmfy+rqtQdzZZsWFp
Static task: static1
Behavioral task: behavioral1
Sample: order details.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: order details.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7682425803:AAHHoZD1_lffPXz0N6EaljeP4aAXgk0EI3k/sendMessage?chat_id=2135869667
Targets
Target: order details.exe
Size: 1023KB
MD5: 6b752a6938b1e93f23ce8bd928ee84b8
SHA1: 2984fdfed10fbc93829961376fe877d134142a20
SHA256: 1ec28e8814497d10ce333d9ecd100ab86ec649e9b612a4349c7f0dbc382fca6f
SHA512: 29015c682b4d7553a50449a16f09b0e9110a6ad97fcc24a4fc8e6127d5711bc3c9f8375239758c3e99560d25e672c1e836a68010cd860fa2b10fac30b7c7aec7
SSDEEP: 12288:ssf/Q9N4Bw3XIlga8LunuX15h7cP1z4iE0EdCtqfGplddJDf+5IEO55zR+nyYr6:slalQLuuXk4iEiqfGVdJDf+UzNo
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-