General
-
Target
New Order C0038 2024.exe
-
Size
1.0MB
-
Sample
241202-qeyfnsvlcz
-
MD5
35874980a4350138b7e0f84f040f1fc6
-
SHA1
89d0aadc5630b2e2096c318650f217a6ba43acd2
-
SHA256
850b8b66acd2856eaa54db6d4de492bb5f3d987019acb6198297d8c561c9087c
-
SHA512
18a4965e716356a7687b44dc6fd72a9953182d1f52b4e65b0840c7774e8ab1aad4180f84f63ea3c46a87eaae29d3f6c3a838f89bf511f68c7a8f87b0a86dbe55
-
SSDEEP
24576:6tb20pkaCqT5TBWgNQ7aJzkJXKpDgv2w6A:nVg5tQ7aJzk/P5
Static task
static1
Behavioral task
behavioral1
Sample
New Order C0038 2024.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
New Order C0038 2024.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.gtpv.online - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@@ - Email To:
[email protected]
Targets
-
-
Target
New Order C0038 2024.exe
-
Size
1.0MB
-
MD5
35874980a4350138b7e0f84f040f1fc6
-
SHA1
89d0aadc5630b2e2096c318650f217a6ba43acd2
-
SHA256
850b8b66acd2856eaa54db6d4de492bb5f3d987019acb6198297d8c561c9087c
-
SHA512
18a4965e716356a7687b44dc6fd72a9953182d1f52b4e65b0840c7774e8ab1aad4180f84f63ea3c46a87eaae29d3f6c3a838f89bf511f68c7a8f87b0a86dbe55
-
SSDEEP
24576:6tb20pkaCqT5TBWgNQ7aJzkJXKpDgv2w6A:nVg5tQ7aJzk/P5
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-