General
-
Target
3fb2216af508fb7f6d8e248f586a2b637865ac885bb4da8b736f343dd719f862
-
Size
1.2MB
-
Sample
241130-nlzk7sspbt
-
MD5
6512e4d388177410e48046e3c357e3ba
-
SHA1
bb948656b8965a0d0648e8a21d468385b9d8daee
-
SHA256
3fb2216af508fb7f6d8e248f586a2b637865ac885bb4da8b736f343dd719f862
-
SHA512
207a58ef5b1d083f6a622d84aeec7aada62b11f5e7f6ac0b43cf847204d28f3cd5c53cfeeeafbeb07de6c960ccddad9b83aca286a2334d37a18f744096ffe2f3
-
SSDEEP
24576:ffmMv6Ckr7Mny5QLwmOb1lKAoHpr0rvOfsWZsnhh2rmIc5Vmb7i:f3v+7/5QLVAiwvOyh2rsVmb7i
Static task
static1
Behavioral task
behavioral1
Sample
3fb2216af508fb7f6d8e248f586a2b637865ac885bb4da8b736f343dd719f862.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
3fb2216af508fb7f6d8e248f586a2b637865ac885bb4da8b736f343dd719f862.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Extracted
Protocol: smtp- Host:
mail.ujexchange.com - Port:
587 - Username:
[email protected] - Password:
UJ@2022
Targets
-
-
Target
3fb2216af508fb7f6d8e248f586a2b637865ac885bb4da8b736f343dd719f862
-
Size
1.2MB
-
MD5
6512e4d388177410e48046e3c357e3ba
-
SHA1
bb948656b8965a0d0648e8a21d468385b9d8daee
-
SHA256
3fb2216af508fb7f6d8e248f586a2b637865ac885bb4da8b736f343dd719f862
-
SHA512
207a58ef5b1d083f6a622d84aeec7aada62b11f5e7f6ac0b43cf847204d28f3cd5c53cfeeeafbeb07de6c960ccddad9b83aca286a2334d37a18f744096ffe2f3
-
SSDEEP
24576:ffmMv6Ckr7Mny5QLwmOb1lKAoHpr0rvOfsWZsnhh2rmIc5Vmb7i:f3v+7/5QLVAiwvOyh2rsVmb7i
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-