General
-
Target
Pedido de Cotação-24100004_lista comercial.vbs
-
Size
523KB
-
Sample
241023-r5ayqsxfjl
-
MD5
071b2e84cdf90885bce11e5713dab307
-
SHA1
ea48ea5b782669f05084a4a1e374ff64c8f581c0
-
SHA256
400f748c614f60bac08d298dce6f55abd9c84c944f303ce6106260d93315b741
-
SHA512
a981122c9f3f2675f116c2b860e6f05016ab7be3a9cd9eee873af4f89ff7d93548cce9c020d79fa7bf191d04f664f127efadfdca5019b5ec2699498837d46664
-
SSDEEP
6144:BA/7iXwe0h73QXqs1SQl3GZF+lfd0okbN9VusXmFtzbVHcje9wYYhnQgjDHgs91+:LKhgamowdhkFuW0tXwjQg/p1+FWg
Static task
static1
Behavioral task
behavioral1
Sample
Pedido de Cotação-24100004_lista comercial.vbs
Resource
win7-20240903-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: mail.recsb.com
Port: 587
Username: [email protected]
Password: 1=vI*r6^
Email To: [email protected]
Targets
Target
Pedido de Cotação-24100004_lista comercial.vbs
Score 10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-