General
-
Target
a8281f10a65d2066e0bb4d9089efbc567dedec223e6b77303223da17af9021ddN
-
Size
697KB
-
Sample
241021-m1p5msshmq
-
MD5
c333230877f39850bf7978774a2af0f0
-
SHA1
af44691d3855acf84aa883121d410d7a2476722f
-
SHA256
a8281f10a65d2066e0bb4d9089efbc567dedec223e6b77303223da17af9021dd
-
SHA512
3af1b0fde209e8388176d6d72fcad0bf02e41f2d1e1ef7342dc0b5ce21c1485a50aff66d7ffbcad8491b15365dc156482c463be6dac096b7e677485c1b20d289
-
SSDEEP
12288:o/yR+kRv9OnszAFZ4KKVeUaHu3PEvlhI4KUJEclSTxrpMjAVQ:5R+kV9On4KoV3PEthtEclSF1
Static task
static1
Behavioral task
behavioral1
Sample
a8281f10a65d2066e0bb4d9089efbc567dedec223e6b77303223da17af9021ddN.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
a8281f10a65d2066e0bb4d9089efbc567dedec223e6b77303223da17af9021ddN.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.tmars.net - Port:
587 - Username:
[email protected] - Password:
More@123456789 - Email To:
[email protected]
Targets
-
-
Target
a8281f10a65d2066e0bb4d9089efbc567dedec223e6b77303223da17af9021ddN
-
Size
697KB
-
MD5
c333230877f39850bf7978774a2af0f0
-
SHA1
af44691d3855acf84aa883121d410d7a2476722f
-
SHA256
a8281f10a65d2066e0bb4d9089efbc567dedec223e6b77303223da17af9021dd
-
SHA512
3af1b0fde209e8388176d6d72fcad0bf02e41f2d1e1ef7342dc0b5ce21c1485a50aff66d7ffbcad8491b15365dc156482c463be6dac096b7e677485c1b20d289
-
SSDEEP
12288:o/yR+kRv9OnszAFZ4KKVeUaHu3PEvlhI4KUJEclSTxrpMjAVQ:5R+kV9On4KoV3PEthtEclSF1
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-