General
- Target: 887c2c6eef80dddcab940f303563c2f347d8e442e102ccfc4e041f3a5635ca32
- Size: 570KB
- Sample: 241104-hjgpqawjcw
- MD5: 0d5fcb004df40c0bfed437511bb7661d
- SHA1: e09c764dc48fd8568a8dcd2f07c09362c830abc7
- SHA256: 887c2c6eef80dddcab940f303563c2f347d8e442e102ccfc4e041f3a5635ca32
- SHA512: 4375893a324cf8e586e6f4ff1530454a0fb34ddd2e8abcb2026bb43e8c13d2496534fbbc12ad48e2c0861d632f006ae25e082b7d25cae17e6babeea0ccb83735
- SSDEEP: 12288:Wjzyr1sZAJMO/CJhy5CPj0MXS9y7LF9rVSwQdX5XOLfx8+C7m6ggITpe:6yruAC4CJMuJi9y7BXo+aqBgITpe
Static task
- static1
Behavioral task
- behavioral1
  Sample: MAWB,CI and PL.exe
  Resource: win7-20240903-en
Behavioral task
- behavioral2
  Sample: MAWB,CI and PL.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
- vipkeylogger
  Protocol: smtp
  Host: smtp.ionos.fr
  Port: 587
  Username: [email protected]
  Password: Jc.2o3o@
  Email To: [email protected]
Targets
- Target: MAWB,CI and PL.exe
- Size: 661KB
- MD5: 2119b4c15a036b7e407a7483a89ecdbf
- SHA1: 37c3c28bba3f2482e92b3b0ef570c2ba6f3167a8
- SHA256: 66c79a5e56a0b28126534ded1e9dd50e2de460fb671c49e7cf7a365568c7067b
- SHA512: 0dc2fbec1eed5cde2bf221c4b95a8cf232fcc922ff8b791cef8b4e816f7bccb1ee3c7b4510fc7aa78a74052dbd5694e1ce3ed55765ba8d1358529b9371829c0b
- SSDEEP: 12288:2XJ/BQ9wbOEvCJhy5aFj0MbS9ytLF9vVSaQ5X5X8LfH8+C7uPgITpm:8/rOuCJMyJu9ytBfaM8aPgITpm
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.
- Vipkeylogger family
- Accesses Microsoft Outlook profiles
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger