General
-
Target
81f11f7138268a889b5d068f747d4f4d71a688c7a7f3b057a0140e63a9d5d40d.exe
-
Size
1.0MB
-
Sample
241203-c18xmsvrf1
-
MD5
2c8f30a128855b88559a2876c0286416
-
SHA1
eb253a85f2141bdb4707a80e6f2d22852c9578c3
-
SHA256
81f11f7138268a889b5d068f747d4f4d71a688c7a7f3b057a0140e63a9d5d40d
-
SHA512
6fdf837d6b3aa9ac3f5513db636ec20d26e10c94279b404cd77cb49ab013168334f786274047e36216c2618dc4494600b19db4481a6bae80e8b3befff815c404
-
SSDEEP
24576:/tb20pkaCqT5TBWgNQ7aj+LCx0Bthb6Au:8Vg5tQ7aj+LCSBt15u
Static task
static1
Behavioral task
behavioral1
Sample
81f11f7138268a889b5d068f747d4f4d71a688c7a7f3b057a0140e63a9d5d40d.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
81f11f7138268a889b5d068f747d4f4d71a688c7a7f3b057a0140e63a9d5d40d.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7157329086:AAGOsSc2V0wvMRyvFFXhUVN6YYkkxDpjHDU/sendMessage?chat_id=7337843299
Targets
-
-
Target
81f11f7138268a889b5d068f747d4f4d71a688c7a7f3b057a0140e63a9d5d40d.exe
-
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-