General
-
Target
bef4b78b6f8b0b6f838b0aec911a91a80eefc86a88c01ac899b38c0d87e3fe2f.exe
-
Size
1.2MB
-
Sample
241109-d3n6payrfp
-
MD5
9b25bf9d1b617ff88c10da68711b27cf
-
SHA1
dd61400ce42ee8029733d69d53181fa8b78358f8
-
SHA256
bef4b78b6f8b0b6f838b0aec911a91a80eefc86a88c01ac899b38c0d87e3fe2f
-
SHA512
57aa4e7b54c46e6a657b443c625b92752a9b44b9331da491c4f93f72a67386857452c856d2d09f285733bf53ac2acfc94cf2fccfc44c75c7efc7fda87afba8bd
-
SSDEEP
24576:ffmMv6Ckr7Mny5QLjKQf0Q4GOwdhpsSN4V:f3v+7/5QLjKi0QdUzV
Static task
static1
Behavioral task
behavioral1
Sample
bef4b78b6f8b0b6f838b0aec911a91a80eefc86a88c01ac899b38c0d87e3fe2f.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
bef4b78b6f8b0b6f838b0aec911a91a80eefc86a88c01ac899b38c0d87e3fe2f.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Extracted
Protocol: smtp- Host:
mail.deelumoulds.in - Port:
587 - Username:
[email protected] - Password:
Dv?X6s?K@&X?
Targets
-
-
Target
bef4b78b6f8b0b6f838b0aec911a91a80eefc86a88c01ac899b38c0d87e3fe2f.exe
-
Size
1.2MB
-
MD5
9b25bf9d1b617ff88c10da68711b27cf
-
SHA1
dd61400ce42ee8029733d69d53181fa8b78358f8
-
SHA256
bef4b78b6f8b0b6f838b0aec911a91a80eefc86a88c01ac899b38c0d87e3fe2f
-
SHA512
57aa4e7b54c46e6a657b443c625b92752a9b44b9331da491c4f93f72a67386857452c856d2d09f285733bf53ac2acfc94cf2fccfc44c75c7efc7fda87afba8bd
-
SSDEEP
24576:ffmMv6Ckr7Mny5QLjKQf0Q4GOwdhpsSN4V:f3v+7/5QLjKi0QdUzV
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-