General
-
Target
1d0b9a03e9bc5341bc3ffee170569efae0be569e19455826f04916bdd0f94a46N.exe
-
Size
1.0MB
-
Sample
241202-dxcwgasmbp
-
MD5
b59e2565fe790bd1803bec8e583c0e80
-
SHA1
54eb800ac8cb2923997dd7bf7059951f714fee8f
-
SHA256
1d0b9a03e9bc5341bc3ffee170569efae0be569e19455826f04916bdd0f94a46
-
SHA512
8dada552ad3bb8fc7f112bb689f8cb2d293a5d566e4dc80e0090d2bb60db27aa2871d525b4367643b7e6a7941191f569079c940678ebfb341c086d5cda62dacd
-
SSDEEP
24576:stb20pkaCqT5TBWgNQ7arslkvopEkQBX6A:VVg5tQ7arsWvXp5
Static task
static1
Behavioral task
behavioral1
Sample
1d0b9a03e9bc5341bc3ffee170569efae0be569e19455826f04916bdd0f94a46N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
1d0b9a03e9bc5341bc3ffee170569efae0be569e19455826f04916bdd0f94a46N.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot8051588258:AAE-CNbIS7UXg4eOA3t-8snZKI_z-YAyGQg/sendMessage?chat_id=7640920144
Targets
-
-
Target
1d0b9a03e9bc5341bc3ffee170569efae0be569e19455826f04916bdd0f94a46N.exe
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
-
Vipkeylogger family
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-