General
Target: malw.exe
Size: 1.2MB
Sample: 241004-p1sxmsvcnl
MD5: 86266ceb35b8a3a497b18e24b0806a10
SHA1: efaf260d414b67ce2c12e963cb854de7dd27eb2f
SHA256: 028531a927dfa6ba26dca896c2a846c9ac7c2375a9bc33a08d8984a24875b901
SHA512: 351ef5dd13e7793db789e96c3af6f361e23129a19eb8e03ac82017548832f28582b112734bcaf1a5fa613485bd2dc6a074abcc8b47d38f9f794f0e9ba9939f88
SSDEEP: 24576:WfmMv6Ckr7Mny5QjKp8+KjF3FpBVQCghm5kxYDD:W3v+7/5QjKp8+8F1p/QBhm5kxYf
Static task: static1
Behavioral task: behavioral1
Sample: malw.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: malw.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7199749562:AAENvtzJ5s6GzgApZCC89PykEJ-xDjk5EiY/sendMessage?chat_id=7105655241
Targets
Target
malw.exe
Score: 10/10
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext