General
- Target: script_decoded.ps1
- Size: 31KB
- Sample: 241105-ss47gssqdy
- MD5: 0e7098ab1308e2b8376bbeff1bb0c0a9
- SHA1: 1af3f6f5d2e1d857983abb33a38e2e68ec010f09
- SHA256: a967281b40b827e8e2e4f51656dc63f9812006dd034d2565ff9366c3f04eaf20
- SHA512: 5f2531b2d9464c20689d994a3b8bc1f0aab5b7732bcfd42b5f18e262ddbca14fa6a416c987eb27ed97a1db0c9c572c8dc32816895761f8325d304c4f1e040fe1
- SSDEEP: 768:w0SUlvkUjIiKjOEEPx7GP7J7X9tS7jUXJSs11OaUxLJ:w7UlcnRCEEPxcRw7ejNCV
Static task: static1
Behavioral task: behavioral1
- Sample: script_decoded.ps1
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- https://drive.google.com/uc?export=download&id=1gG6oKWt0u4miMrNJmaJa_7A5FKjLXRFV
Extracted
- Protocol: smtp
- Host: mail.tlakovec.si
- Port: 587
- Username: [email protected]
- Password: @nartsantelps
Extracted (vipkeylogger)
- Protocol: smtp
- Host: mail.tlakovec.si
- Port: 587
- Username: [email protected]
- Password: @nartsantelps
- Email To: [email protected]
Targets
- Target: script_decoded.ps1
- Size: 31KB
- MD5: 0e7098ab1308e2b8376bbeff1bb0c0a9
- SHA1: 1af3f6f5d2e1d857983abb33a38e2e68ec010f09
- SHA256: a967281b40b827e8e2e4f51656dc63f9812006dd034d2565ff9366c3f04eaf20
- SHA512: 5f2531b2d9464c20689d994a3b8bc1f0aab5b7732bcfd42b5f18e262ddbca14fa6a416c987eb27ed97a1db0c9c572c8dc32816895761f8325d304c4f1e040fe1
- SSDEEP: 768:w0SUlvkUjIiKjOEEPx7GP7J7X9tS7jUXJSs11OaUxLJ:w7UlcnRCEEPxcRw7ejNCV
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.
- Vipkeylogger family
- Blocklisted process makes network request
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger