General
-
Target
e89e8a35babc124eeb06c5ccd4920cc5be9d569cb58f97a8c7e624507c1c142d.exe
-
Size
1023KB
-
Sample
241004-cn5z8aygmm
-
MD5
5abd6361442edf2a48b887a5160ce0c4
-
SHA1
afb2e5346bbca875bea5c24fc89c8d3ecfa9ff53
-
SHA256
e89e8a35babc124eeb06c5ccd4920cc5be9d569cb58f97a8c7e624507c1c142d
-
SHA512
43d69f26e24e80acd85a8d5460c6aae229ea9d88d860f259f99930675a50c1ee4b5c24c1345ed081dd84c3be568a50d7889bff76ccf2063e4ca453e2ee6b3277
-
SSDEEP
24576:sl66HNUQq5cWT+X7iiclUZlkofGVdJDf+Uz2o:KqtlW/qJDfhz
Static task
static1
Behavioral task
behavioral1
Sample
e89e8a35babc124eeb06c5ccd4920cc5be9d569cb58f97a8c7e624507c1c142d.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e89e8a35babc124eeb06c5ccd4920cc5be9d569cb58f97a8c7e624507c1c142d.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7682425803:AAHHoZD1_lffPXz0N6EaljeP4aAXgk0EI3k/sendMessage?chat_id=2135869667
Targets
-
-
Target
e89e8a35babc124eeb06c5ccd4920cc5be9d569cb58f97a8c7e624507c1c142d.exe
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-