General
-
Target
BOLUDA CORPORACIÓN MARÍTIMA, S.L. PEDIDO 268e44.vbs
-
Size
526KB
-
Sample
241022-lz664a1gjj
-
MD5
7b8f65c95deba3838f09c3c5e8f06c0c
-
SHA1
23f1d2f39788402c16ba1f5d6932eb4bef6df983
-
SHA256
da852e6aeab8c6422eecc57d741aae2a49abd26ee2d29185c0fa8f898f4bdf71
-
SHA512
dd47543459445da9edbb596e987472eac6408159af6ddd55b174896cd6fb3b90f1ba8229d26ca7ebd6fff46b27a6ed7bfa1fc19d805e8c9bd7c0131a7bcf39ba
-
SSDEEP
6144:RV/75X5P9mqNDV7MbA9hftqVDrITVFWCTf90ieURGrMDI1xFz0zhdwu07QBmU1oI:9L/NhVQRI5FL9fTRMzKwuk41omig
Static task
static1
Behavioral task
behavioral1
Sample
BOLUDA CORPORACIÓN MARÍTIMA, S.L. PEDIDO 268e44.vbs
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
BOLUDA CORPORACIÓN MARÍTIMA, S.L. PEDIDO 268e44.vbs
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
-
Protocol: smtp
-
Host: mail.daniberto.com
-
Port: 587
-
Username: [email protected]
-
Password: Fabrica1221.
-
Email To: [email protected]
Targets
-
Target
BOLUDA CORPORACIÓN MARÍTIMA, S.L. PEDIDO 268e44.vbs
Score 10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger