General
-
Target
CONSTRUCCIONESE.C.CASASS.L.ARTCULOSENORDENDECOMPRALISTAADJUNTA.vbs
-
Size
26KB
-
Sample
241105-n1k2cszhle
-
MD5
4fd80976e70f4d1bb775d5226e33f2d4
-
SHA1
67110d81f628a445ab14a235f432f4723272340a
-
SHA256
5609778f25f27c804c0d386b69c9a0fd5fb05dde185886d3d17547ff50adf237
-
SHA512
c148d327a2338f5f678c30fddfe3d6a808255f145c145f5a9f4250a1f1de5214740b37aef037ead8a14e6f522000b305ae62763029c38f490cad879e4d933a97
-
SSDEEP
192:bmRhBwAQ2p8gDxl7me/J9qG9NKV8+Eha3vqVHGDvSJNDmJBj+I4yS4Hm8KqcVOaO:6ke1dmidc9vyZmJsbySX8NHbrBvN1TWm
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.amenitieshotel.com - Port:
587 - Username:
[email protected] - Password:
HeibaPaco - Email To:
[email protected]
Targets
-
-
Target
CONSTRUCCIONESE.C.CASASS.L.ARTCULOSENORDENDECOMPRALISTAADJUNTA.vbs
-
Size
26KB
-
MD5
4fd80976e70f4d1bb775d5226e33f2d4
-
SHA1
67110d81f628a445ab14a235f432f4723272340a
-
SHA256
5609778f25f27c804c0d386b69c9a0fd5fb05dde185886d3d17547ff50adf237
-
SHA512
c148d327a2338f5f678c30fddfe3d6a808255f145c145f5a9f4250a1f1de5214740b37aef037ead8a14e6f522000b305ae62763029c38f490cad879e4d933a97
-
SSDEEP
192:bmRhBwAQ2p8gDxl7me/J9qG9NKV8+Eha3vqVHGDvSJNDmJBj+I4yS4Hm8KqcVOaO:6ke1dmidc9vyZmJsbySX8NHbrBvN1TWm
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Network Service Discovery
Attempt to gather information on host's network.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-