General
-
Target
49116e53eb34dff3b051e5c121ad4599f5548d1c4182f4402184faf432286805.exe
-
Size
1.2MB
-
Sample
241010-byfyeatdrg
-
MD5
092a583e97e34a5de0bf949723619f15
-
SHA1
9baeab0702a32e85603589ada024fd7a67284b48
-
SHA256
49116e53eb34dff3b051e5c121ad4599f5548d1c4182f4402184faf432286805
-
SHA512
0c6298ea6083647618dd9d47631a5ee51b00bfae3d71cb0789a8b4998b7b983bfdd2ef16e5f300035a168e523089fc1eed0a95a0d9c29d0844e7796885957bc2
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaC3QNY52UODpFrblBPsmVSZRG8hP:7JZoQrbTFZY1iaCB2BDpFfHSn
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.dataservice.tv - Port:
587 - Username:
[email protected] - Password:
JH45!n31dSw2 - Email To:
[email protected]
Targets
-
-
Target
49116e53eb34dff3b051e5c121ad4599f5548d1c4182f4402184faf432286805.exe
-
Size
1.2MB
-
MD5
092a583e97e34a5de0bf949723619f15
-
SHA1
9baeab0702a32e85603589ada024fd7a67284b48
-
SHA256
49116e53eb34dff3b051e5c121ad4599f5548d1c4182f4402184faf432286805
-
SHA512
0c6298ea6083647618dd9d47631a5ee51b00bfae3d71cb0789a8b4998b7b983bfdd2ef16e5f300035a168e523089fc1eed0a95a0d9c29d0844e7796885957bc2
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaC3QNY52UODpFrblBPsmVSZRG8hP:7JZoQrbTFZY1iaCB2BDpFfHSn
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-