General
- Target: a6ed79b31900fa2568d166b96514ecdd7f79a3cfeb3fe9a21d670ee4630bbf4f.exe
- Size: 844KB
- Sample: 241125-dbah8avjav
- MD5: 66ecc5207b13c8ab6e2289aae6fddde1
- SHA1: 9f6a9dec6a08fafd49908831ea27b0410b6bd934
- SHA256: a6ed79b31900fa2568d166b96514ecdd7f79a3cfeb3fe9a21d670ee4630bbf4f
- SHA512: 80fded17f0ca1cf6c61600dadeaaf171de83de4276b11aefeda43f497a39c0f029af9284d604ae5d892cfb72eae6ad352ab4b07a40ac2eb7fc0270286974e6ae
- SSDEEP: 12288:8/AKvOjFE2PvzaAsXAxkdnJoAjXbQYi2yBZFVkh7aZMljR0lE/V5Je0sZptLOije:DoOGiwwxkBJoSr+zxU77jH5toptKigDf
Static task
- static1
Behavioral task
- behavioral1
  - Sample: a6ed79b31900fa2568d166b96514ecdd7f79a3cfeb3fe9a21d670ee4630bbf4f.exe
  - Resource: win7-20241010-en
Behavioral task
- behavioral2
  - Sample: a6ed79b31900fa2568d166b96514ecdd7f79a3cfeb3fe9a21d670ee4630bbf4f.exe
  - Resource: win10v2004-20241007-en
Malware Config
Extracted
- vipkeylogger: https://api.telegram.org/bot8065526741:AAEj68BwW3BsUStAxrPkDSB2kLxwQ3yik84/sendMessage?chat_id=6897585916
Targets
- Target: a6ed79b31900fa2568d166b96514ecdd7f79a3cfeb3fe9a21d670ee4630bbf4f.exe
  - Size: 844KB
  - MD5: 66ecc5207b13c8ab6e2289aae6fddde1
  - SHA1: 9f6a9dec6a08fafd49908831ea27b0410b6bd934
  - SHA256: a6ed79b31900fa2568d166b96514ecdd7f79a3cfeb3fe9a21d670ee4630bbf4f
  - SHA512: 80fded17f0ca1cf6c61600dadeaaf171de83de4276b11aefeda43f497a39c0f029af9284d604ae5d892cfb72eae6ad352ab4b07a40ac2eb7fc0270286974e6ae
  - SSDEEP: 12288:8/AKvOjFE2PvzaAsXAxkdnJoAjXbQYi2yBZFVkh7aZMljR0lE/V5Je0sZptLOije:DoOGiwwxkBJoSr+zxU77jH5toptKigDf
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was discovered in 2020.
- Vipkeylogger family
- Accesses Microsoft Outlook profiles
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger