General
-
Target
Order.exe
-
Size
937KB
-
Sample
241106-akhz6s1gqh
-
MD5
7c3912191704f3a0a58729d74692b44f
-
SHA1
ceb7aa5e86b0136d1d4bdf8a595238fcccd3d757
-
SHA256
e3c81d02ea9f4168e60e8d6b41230245bfbaed8a67b9f23f7fe00ffb4931ce19
-
SHA512
c86d30c70373f9aaa6fbe4da5c33150ee35fb3e2377ab6d38e741a6838fee12092bec53446918101c70f3cc447fe1656ac4fc424f220e4071c71e283c2de2997
-
SSDEEP
24576:OiUmSB/o5d1ubcvq/XgV9CxFnwXjJBt72exIT1P:O/mU/ohubcvq/XgVkFnUtiea
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot6820629737:AAGJ8tOkoD9jFHkd_L1kG1ntQ1J6zLhFsMc/sendMessage?chat_id=6783205225
Targets
-
-
Target
Order.exe
-
Size
937KB
-
MD5
7c3912191704f3a0a58729d74692b44f
-
SHA1
ceb7aa5e86b0136d1d4bdf8a595238fcccd3d757
-
SHA256
e3c81d02ea9f4168e60e8d6b41230245bfbaed8a67b9f23f7fe00ffb4931ce19
-
SHA512
c86d30c70373f9aaa6fbe4da5c33150ee35fb3e2377ab6d38e741a6838fee12092bec53446918101c70f3cc447fe1656ac4fc424f220e4071c71e283c2de2997
-
SSDEEP
24576:OiUmSB/o5d1ubcvq/XgV9CxFnwXjJBt72exIT1P:O/mU/ohubcvq/XgVkFnUtiea
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-