General
-
Target
SC16C750BIB64 PHILIPS 2000pcs.exe
-
Size
1.2MB
-
Sample
241104-kq132sxgqh
-
MD5
de8b6a58bef6e9b6bbdf1bb043758294
-
SHA1
77ceef3047ec78dc73b5c3072374bd73be448e92
-
SHA256
d50d5ca7a97b53a566a6866cd4272b0bb1974f729493909369fad3a7a0784c0f
-
SHA512
2c35a2df8c8fb304522864564a60a9a66534e20b3be4f96b74d1d2f08d4e803e3f10ae2d81afee2e4593b4b0ca531132b6bb58b3e66fdd4dd8a4fc1895fe5135
-
SSDEEP
24576:cAHnh+eWsN3skA4RV1Hom2KXFmIaI9tlB/xjoKFZJ5:7h+ZkldoPK1XaI/j/xsGB
Malware Config
Extracted
Protocol: smtp- Host:
mail.singhalenterprise.com - Port:
587 - Username:
[email protected] - Password:
balkishan@123
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.singhalenterprise.com - Port:
587 - Username:
[email protected] - Password:
balkishan@123 - Email To:
[email protected]
Targets
-
-
Target
SC16C750BIB64 PHILIPS 2000pcs.exe
-
Size
1.2MB
-
MD5
de8b6a58bef6e9b6bbdf1bb043758294
-
SHA1
77ceef3047ec78dc73b5c3072374bd73be448e92
-
SHA256
d50d5ca7a97b53a566a6866cd4272b0bb1974f729493909369fad3a7a0784c0f
-
SHA512
2c35a2df8c8fb304522864564a60a9a66534e20b3be4f96b74d1d2f08d4e803e3f10ae2d81afee2e4593b4b0ca531132b6bb58b3e66fdd4dd8a4fc1895fe5135
-
SSDEEP
24576:cAHnh+eWsN3skA4RV1Hom2KXFmIaI9tlB/xjoKFZJ5:7h+ZkldoPK1XaI/j/xsGB
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-