General
Target: 19521218150.zip
Size: 918KB
Sample: 241021-sbqb1azcpj
MD5: cc3ab178c74ad35fb2cdf2c86cfea0de
SHA1: a79ef88607b6c8801773ddec887f00b0efc663e0
SHA256: a1a2abeaffd2e053efe1997a05a88837581230929f581bae934e49b75a1f81ad
SHA512: ac0deab0b24b632e2347093ef27c6cfc4e8c364ccb556d56afe783963570c33f18a2db7dbcc80fa35e80861f9bed76ffff57fcabc2b8c3359cfbc9f4ee4da968
SSDEEP: 24576:pEhdhczygELHkAdI6KLr6FPpaptpzlkOLzzJAz:pEvyWHkA+r6Fhap9kOLfS
Static task: static1
Behavioral task: behavioral1
Sample: PROFOMA INVOICE 90021144577.exe
Resource: win11-20241007-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7229061445:AAE3FCrpjv4NkOLREC4l7rC81cO6xC0-XZI/sendMessage?chat_id=1934716051
Targets
Target: PROFOMA INVOICE 90021144577.exe
Size: 1.2MB
MD5: 1fee12ff03049fbdb2b704b38813b76e
SHA1: b36742ac22738ed0833d90fe9ea1f4e9ee37981c
SHA256: 3184c6a5b7d08a422e58b2b8ad2f7e1087dde96f1586b641144a36e44caf6d52
SHA512: dea648c9c3ae22f69746650348035558596737db2b82f4c348d481bfd12397fc6289354ece41b1a5b1f26b934e979e558d0388bb9c21a9f75c7e09ba51ceb62b
SSDEEP: 24576:ffmMv6Ckr7Mny5QL1XsfzZEJpEZ5sza+7wHaEb4m9qmj/IYE:f3v+7/5QL1+6SEcnbVbE
Score: 10/10
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext