General

Target: d6b544f7fe973a0ec18dc6994869bbd97779b965a7bc999b11f1d590cff9707b.exe
Size: 560KB
Sample: 241203-dk8glssqbl
MD5: 376eba8de3fb318ec11efa037f8c0999
SHA1: 998079a01ea4b5af7d90b44e289ff3e61caaa6c2
SHA256: d6b544f7fe973a0ec18dc6994869bbd97779b965a7bc999b11f1d590cff9707b
SHA512: 1113f67e131f0dc952f8168be4274f910e942992b6775daaa241f48e1852ceb10875d609d34fed41ac2b5ba845d34adf327a99eaa52a7be3dbf054876aae7496
SSDEEP: 6144:14t6Ls60mub8lmN1d/VJjbGTaQ8jY7dsO9sKL/urW09nSl6Mkmt4XzVkpmAZ51Mg:1kuicyCdsYsKLktnS5oVMmySMpQK7
Static task: static1

Behavioral task: behavioral1
Sample: d6b544f7fe973a0ec18dc6994869bbd97779b965a7bc999b11f1d590cff9707b.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: d6b544f7fe973a0ec18dc6994869bbd97779b965a7bc999b11f1d590cff9707b.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted: vipkeylogger
https://api.telegram.org/bot7689901861:AAEBNHwgb6W6VOFJWVPXuo-RFbpacsgCwQg/sendMessage?chat_id=7582232587
Targets

Target: d6b544f7fe973a0ec18dc6994869bbd97779b965a7bc999b11f1d590cff9707b.exe
Size: 560KB
MD5: 376eba8de3fb318ec11efa037f8c0999
SHA1: 998079a01ea4b5af7d90b44e289ff3e61caaa6c2
SHA256: d6b544f7fe973a0ec18dc6994869bbd97779b965a7bc999b11f1d590cff9707b
SHA512: 1113f67e131f0dc952f8168be4274f910e942992b6775daaa241f48e1852ceb10875d609d34fed41ac2b5ba845d34adf327a99eaa52a7be3dbf054876aae7496
SSDEEP: 6144:14t6Ls60mub8lmN1d/VJjbGTaQ8jY7dsO9sKL/urW09nSl6Mkmt4XzVkpmAZ51Mg:1kuicyCdsYsKLktnS5oVMmySMpQK7
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
- Vipkeylogger family
- Accesses Microsoft Outlook profiles
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger