General
-
Target
dedb7b67ba438bc2faea141d65856106e7ed49148f8d66975adb12f693060dbf.exe
-
Size
1.2MB
-
Sample
241023-cbjlfsxdlm
-
MD5
67a119c3341f880bbdb5f2644d17f3b2
-
SHA1
2a28bddea438761f472cf39d3761b2b173ecc603
-
SHA256
dedb7b67ba438bc2faea141d65856106e7ed49148f8d66975adb12f693060dbf
-
SHA512
b142d5dac30db792571e5ea70c52abf20cfabd5a15c7b67f76d42c2f47d949098f5903bc9b1e06bc2f51c69ea7e0628a78d931b1ec94336e38678803a8341f76
-
SSDEEP
12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLepFSYvIPRc06cf1+C7C8wpM6ZCuOqg:ffmMv6Ckr7Mny5QLUFKjZiMICsTIZ
Static task
static1
Behavioral task
behavioral1
Sample
dedb7b67ba438bc2faea141d65856106e7ed49148f8d66975adb12f693060dbf.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
dedb7b67ba438bc2faea141d65856106e7ed49148f8d66975adb12f693060dbf.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7725882686:AAEdNqRq1S4OfvxL8-nsXHOwdyw0BC3P-eQ/sendMessage?chat_id=7382809095
Targets
-
-
Target
dedb7b67ba438bc2faea141d65856106e7ed49148f8d66975adb12f693060dbf.exe
-
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-