General
-
Target
f90de6acf6cfd25733db2d3d0f64081ec563abe1923a48adf768f8663e588c0c.exe
-
Size
1.1MB
-
Sample
241124-sv9jzswkgx
-
MD5
41a5476c8e01c2e0f1388ecdaed36694
-
SHA1
2261898473605ed808ae4d90d92716e52db639dd
-
SHA256
f90de6acf6cfd25733db2d3d0f64081ec563abe1923a48adf768f8663e588c0c
-
SHA512
47d9ae3079650e46e60ec6773b344a953b15869bdf9c7e3b55fd441aa1797b587cb7c340695ae1e102cb902d43ab1343f46ba82fa6e4fdf814aac1100fa4cb66
-
SSDEEP
24576:9tb20pkaCqT5TBWgNQ7acSD+Kq7/0noQRge5AtDfi36A6:uVg5tQ7acSD+Kqb0oQStE56
Malware Config
Extracted
vipkeylogger
Extracted
Protocol: smtp- Host:
mail.phoenixexports.co.in - Port:
587 - Username:
[email protected] - Password:
phex1234
Targets
-
-
Target
f90de6acf6cfd25733db2d3d0f64081ec563abe1923a48adf768f8663e588c0c.exe
-
Size
1.1MB
-
MD5
41a5476c8e01c2e0f1388ecdaed36694
-
SHA1
2261898473605ed808ae4d90d92716e52db639dd
-
SHA256
f90de6acf6cfd25733db2d3d0f64081ec563abe1923a48adf768f8663e588c0c
-
SHA512
47d9ae3079650e46e60ec6773b344a953b15869bdf9c7e3b55fd441aa1797b587cb7c340695ae1e102cb902d43ab1343f46ba82fa6e4fdf814aac1100fa4cb66
-
SSDEEP
24576:9tb20pkaCqT5TBWgNQ7acSD+Kq7/0noQRge5AtDfi36A6:uVg5tQ7acSD+Kqb0oQStE56
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-