General

Target: 22102024_1615_22102024_FACTURA-ALBARANES.rar
Size: 244KB
Sample: 241022-tqedqawbqk

Static task: static1

Behavioral task: behavioral1
Sample: FACTURA-ALBARANES.vbs
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: FACTURA-ALBARANES.vbs
Resource: win10v2004-20241007-en

Malware Config

Extracted: vipkeylogger
Protocol: smtp
Host: smtp.ionos.es
Port: 587
Username: [email protected]
Password: 1446010
Email To: [email protected]

Targets

Target: FACTURA-ALBARANES.vbs
Size: 525KB

VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

Blocklisted process makes network request

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Accesses Microsoft Outlook profiles

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger