General
-
Target
f5bc7adbafcdda9eb45ed75951bfe9de3f4d06cb56e70fb32b805ddad724fe09.exe
-
Size
3.2MB
-
Sample
241115-dprdws1qdq
-
MD5
82471b3787ef695d285be55dff2da55e
-
SHA1
bdcb155617a142d58fbf999b40025be6afb6d6db
-
SHA256
f5bc7adbafcdda9eb45ed75951bfe9de3f4d06cb56e70fb32b805ddad724fe09
-
SHA512
3ad715a17dc749571ff1c596eebcf9209a635188c67a5ced2ff9a1409a6646b8f92412e617705e0d65c54e12bbc16aa2e678bae8df9aa22474da73b23a7fe8ed
-
SSDEEP
12288:wQTWpMqvK0cRee6212DoNPqal+9RQ4MHEFydmk38wy1mv0+iETXO7yHKNKA:wQSMocRq21PDltzHEo38dg8KX6b4A
Static task
static1
Behavioral task
behavioral1
Sample
f5bc7adbafcdda9eb45ed75951bfe9de3f4d06cb56e70fb32b805ddad724fe09.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f5bc7adbafcdda9eb45ed75951bfe9de3f4d06cb56e70fb32b805ddad724fe09.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.tonicables.top - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@@ - Email To:
[email protected]
Targets
-
-
Target
f5bc7adbafcdda9eb45ed75951bfe9de3f4d06cb56e70fb32b805ddad724fe09.exe
-
Size
3.2MB
-
MD5
82471b3787ef695d285be55dff2da55e
-
SHA1
bdcb155617a142d58fbf999b40025be6afb6d6db
-
SHA256
f5bc7adbafcdda9eb45ed75951bfe9de3f4d06cb56e70fb32b805ddad724fe09
-
SHA512
3ad715a17dc749571ff1c596eebcf9209a635188c67a5ced2ff9a1409a6646b8f92412e617705e0d65c54e12bbc16aa2e678bae8df9aa22474da73b23a7fe8ed
-
SSDEEP
12288:wQTWpMqvK0cRee6212DoNPqal+9RQ4MHEFydmk38wy1mv0+iETXO7yHKNKA:wQSMocRq21PDltzHEo38dg8KX6b4A
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-