General
Target: 0918c286d07c326fb7f31f1200fb61cec352b21c67099dcdc526dcbb3f97e631N
Size: 820KB
Sample: 241109-ldly2asbld
MD5: db4ac563b162322d244eb7096cd7a290
SHA1: 6b6c7e7e4ce6039bb880bc7394a4f6469fc1d39e
SHA256: 0918c286d07c326fb7f31f1200fb61cec352b21c67099dcdc526dcbb3f97e631
SHA512: 37776a56654a9b404cd5e8f5711d8fa1bda78fe30dc17de0307f63afbcab44ebacd87d85614380313a658c48f27e4fac942f4e579e0d9c63be39258ac5f98871
SSDEEP: 12288:a+r35ockhNh5/CN7t+uFtrTynCSYca4xhtHG0akHpQtHyVJzi58F8X2:a++ckhpaN7/FFWmcFZfIynWCF8m
Static task: static1
Behavioral task: behavioral1
Sample: 0918c286d07c326fb7f31f1200fb61cec352b21c67099dcdc526dcbb3f97e631N.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 0918c286d07c326fb7f31f1200fb61cec352b21c67099dcdc526dcbb3f97e631N.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Protocol: ftp
Host: kashmirestore.com
Port: 21
Username: [email protected]
Password: tA5UkucAJ*[=
Extracted
vipkeylogger
Targets
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

Vipkeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext