General
-
Target
Pedido de Cotação-24110004.vbs
-
Size
27KB
-
Sample
241104-sklp6sscqr
-
MD5
a09615be426add251a8564ea2ac62009
-
SHA1
86619d4a1ae0b6ff354b167c9fd1efd881239dbb
-
SHA256
4ae63307fe43b45affde507b3254404169c3ffa8709b8e321b0726e63ab955ab
-
SHA512
7bfb8ca91a2149bac5b9bcddaf6c63fb4db447c4953587ce942abe87d72cd2c2c9b64ede2bc433b410e80723213a1abbc2e13c826d8e7fcf53876a59665d3994
-
SSDEEP
384:tTl3OQDef2EDx+X+RHJaHgrXg7h9SNsZ4T:tTl3Zef2EkX+RHJaHgrXg7h9SNm4T
Static task
static1
Behavioral task
behavioral1
Sample
Pedido de Cotação-24110004.vbs
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Pedido de Cotação-24110004.vbs
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.itagres.com.my - Port:
587 - Username:
[email protected] - Password:
nana2106 - Email To:
[email protected]
Targets
-
-
Target
Pedido de Cotação-24110004.vbs
-
Size
27KB
-
MD5
a09615be426add251a8564ea2ac62009
-
SHA1
86619d4a1ae0b6ff354b167c9fd1efd881239dbb
-
SHA256
4ae63307fe43b45affde507b3254404169c3ffa8709b8e321b0726e63ab955ab
-
SHA512
7bfb8ca91a2149bac5b9bcddaf6c63fb4db447c4953587ce942abe87d72cd2c2c9b64ede2bc433b410e80723213a1abbc2e13c826d8e7fcf53876a59665d3994
-
SSDEEP
384:tTl3OQDef2EDx+X+RHJaHgrXg7h9SNsZ4T:tTl3Zef2EkX+RHJaHgrXg7h9SNm4T
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-