General
Target: 24102024_1518_24102024_PIOE56709876780002.doc.z
Size: 828KB
Sample: 241024-sp4fsawcqp
MD5: a5109406c4805f77e61578c454561cb7
SHA1: e87c86dda88add7c6b65dd91ddea046f1d038d02
SHA256: 6bb4a893e9ff53ecd6d254144772d82f3bf5aa12e0844a40f5c8c4a09441d743
SHA512: dc56df67b65c213e2ebfc77badcb1c2eaea2ebc5e8bba940d00d7b37ad02453215d90f2653531e8a4b71e6e97ed5df96b377dcaf792da390dcad273a4b725bc6
SSDEEP: 12288:mHoeBccgwo0p8WDeARmi/DFz8EUsRJPC5LJvlwr7/oLw/h+PdTgaCL4qxuki8AmR:mIGccgop8WfX/DKE5JC5LJvGguOAHcaP
Static task: static1

Behavioral task: behavioral1
  Sample: PIOE56709876780002.exe
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: PIOE56709876780002.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: vipkeylogger
  https://api.telegram.org/bot7339564661:AAFzTB6gEWMndjXYyD5LCn17UEBISRR8wDI/sendMessage?chat_id=6443825857

Extracted:
  Protocol: smtp
  Host: mail.vvtrade.vn
  Port: 587
  Username: [email protected]
  Password: qVyP6qyv6MQCmZJBRs4t
Targets
Target: PIOE56709876780002.exe
Size: 1.2MB
MD5: ea3273984038ab81206e74dcf5c3f04e
SHA1: 4cfedc14c31c4364382bf2865a14f82f3d2188db
SHA256: 68a1fa9a0a9dc5fbd2746b1103dc4ced27824bf12d99c50eedad5b19a3f640de
SHA512: 73d917ec4226de83d4b64e90d1d13243092ab21f43526bba9fbff27674640f2efb92462ba61ada50c9467501cbc12d2e7073a2c59e4b076a378f623430ff0796
SSDEEP: 24576:5fmMv6Ckr7Mny5QtMdiJJCtLxLe6aiCH2aE:53v+7/5QtMDLheMY2/
Score: 10/10

Signatures:
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext