General
Target: 23be2a96f4c15306083c180774452e11f42837e297627cd33ad5a9708953cd4c.exe
Size: 902KB
Sample: 241126-cne4ssymht
MD5: fa02056b1a21f75efabdda81219fb7db
SHA1: 3e8dd711bfef09d2db54af75476765d85693c756
SHA256: 23be2a96f4c15306083c180774452e11f42837e297627cd33ad5a9708953cd4c
SHA512: af4c4a9d7e6ede0026548136fa4b7c37f8298d055a835a56baf9795bc5b0b3a034a5e2dd2592476c3479fe8b23da338ad615144a91a61b3a47dd6bee00de8088
SSDEEP: 24576:ZX22KSCC4VSi/kKJfaklq2E3l8Et2F2Yurik:9ylCQLJfaklc3uEtUWT
Static task: static1
Behavioral task: behavioral1
  Sample: 23be2a96f4c15306083c180774452e11f42837e297627cd33ad5a9708953cd4c.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: 23be2a96f4c15306083c180774452e11f42837e297627cd33ad5a9708953cd4c.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: smtp.ionos.es
Port: 587
Username: [email protected]
Password: Logistica07
Email To: [email protected]
Targets
Target: 23be2a96f4c15306083c180774452e11f42837e297627cd33ad5a9708953cd4c.exe
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Blocklisted process makes network request
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-