General
-
Target
373b92a75852ad139f31fb80c61214c980cb8e58a614039cb3801844b526fb0c
-
Size
854KB
-
Sample
241004-bg6shazekg
-
MD5
22268e1a82addc20945284fe32cfd379
-
SHA1
250f46c8248b31ba24d9d86f1bb48e6bf7d2991a
-
SHA256
373b92a75852ad139f31fb80c61214c980cb8e58a614039cb3801844b526fb0c
-
SHA512
dc14211687f3bbeba84602a9794ed64fff769a9228c6ae0aaaf69dc9de9be238e2832867f13621441efafe083817bb9a07544e9d0e19ccde0cdcb04e10007a75
-
SSDEEP
12288:3hiRx+9tkp5RE1Of9A7whWemYLZmlKexNdKiexaSQIRu0lZ1qsHpgxxvbxynf+yy:kYtaRE1WAkkBDBAx1X6m0peJP+v
Static task
static1
Behavioral task
behavioral1
Sample
01-10-2024_Route Rider.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
01-10-2024_Route Rider.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
Protocol: smtp
Host: mail.d-excel.com.ph
Port: 587
Username: [email protected]
Password: JPRilveria@88
Extracted
vipkeylogger
Targets
-
-
Target
01-10-2024_Route Rider.exe
-
Size
1.2MB
-
MD5
feb49c818a4d7e72318637768d254258
-
SHA1
c5fcf98829988b0bdbe22deb5a01be8da3a2f589
-
SHA256
f1364065e994a13924953a7ae7757b84aad616fc733acb897e4f0cca9db9c9ce
-
SHA512
867c4e29b9b4f11d1cb237a0f0bee6315c40f49465b3d4783482a347681f2d4bbdd97d6ebd83ab7f1664a0fae50293a82583d55738a35c512f0a02ddc5d5227f
-
SSDEEP
24576:ffmMv6Ckr7Mny5QLYAqKhOhiF+MkLljxhp8K7g:f3v+7/5QLYTsF3mxhhg
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext