General
-
Target
NOAH SNAKE CRYPT.exe
-
Size
1.1MB
-
Sample
241202-tvyyxs1rfy
-
MD5
b3d2a69e99c66568eef876049cdedb8d
-
SHA1
1b7e1f804a40224c752ccf9e3ebfe6f179bada0b
-
SHA256
9a3acf740959669ba7e2d778d78a3c8ad00236eaab8be03d6fa0ec21344b07af
-
SHA512
0efa5a8bdb6331254dad87233356e407778b7e9fc90172e58293e60a8b01959f62240d2012c2a5e55904128f8d0ef3997b014659a9307a9a84d521422afe65f3
-
SSDEEP
24576:8u6J33O0c+JY5UZ+XC0kGso6Fad2uRyrWtwWNqTDbqJ2ZWY:mu0c++OCvkGs9Fad2uRyrWtDWGFY
Static task
static1
Behavioral task
behavioral1
Sample
NOAH SNAKE CRYPT.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
NOAH SNAKE CRYPT.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
NOAH SNAKE CRYPT.exe
Resource
win11-20241007-en
Malware Config
Extracted
vipkeylogger
Extracted
Protocol: smtp
Host: mail.starofseasmarine.com
Port: 587
Username: [email protected]
Password: Dontforget2015
Targets
-
-
Target
NOAH SNAKE CRYPT.exe
-
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-