General
- Target: 05112024_0106_Payment_Advice.pdf.bat.zip
- Size: 4KB
- Sample: 241105-bgjyqstmen
- MD5: dd4aae98c77e12b5c46a75604e39f8d1
- SHA1: e48897f0bc739d619aae9a985f77c9d44ec9daf5
- SHA256: c58272a1c514f2c5705263251866bfe250cfce3d2b6091373265ff28e4a90205
- SHA512: d6209a0adcce9c3956e148793a04f1cf08763a3bcae3f92f78572c983efd9c0ebaa86166be59282dbcb12a2c7913b0a3ad9ebab7184974fac67372204b213229
- SSDEEP: 96:lU4a4Z3yW29024fDByqQ9Oy9IRxiu1/P8k9/X4pNC0dLn6kK6SWlOdQIp8nE:m4DZCxXOtxiVy/Xp0dLndKClpIpiE
Static task
- static1

Behavioral task
- behavioral1
- Sample: Payment_Advice.pdf.bat
- Resource: win7-20240903-en

Behavioral task
- behavioral2
- Sample: Payment_Advice.pdf.bat
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.jacopopacchioni.com
- Port: 587
- Username: [email protected]
- Password: Ct2mZ=B-7tCC2019

Extracted (vipkeylogger)
- Protocol: smtp
- Host: mail.jacopopacchioni.com
- Port: 587
- Username: [email protected]
- Password: Ct2mZ=B-7tCC2019
- Email To: [email protected]
Targets
- Target: Payment_Advice.pdf.bat
- Size: 7KB
- MD5: 21f91634f445a50f35c006b0c020d0e5
- SHA1: 64515fa088794b3a62d9863a923b0826e55fecdc
- SHA256: b86eb964387f5ed092dad608dd90e9db78fc16d813e6c0720ef409ff458df8d6
- SHA512: cd85d95ffac19c47fd06ccc3ac21e6fa4448237572db89d95d0d4f880ef52661998743bb6a152727cf28e472becebc314e62f3f92aad4b5bd5aa885ca6662555
- SSDEEP: 192:83QlNCq7EH9QUjeYtgpcWOUSNAx21W9v7iBLzP3:4oNCqQ9XqYt2SNe214OJzP
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.
- Vipkeylogger family
- Blocklisted process makes network request
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger