General
Target: transferenciainterbancaria_00081.exe
Size: 541KB
Sample: 241203-mle15a1ng1
MD5: 54327a2f6c75bb2c549a5a98a462a588
SHA1: f65473fa075bef32b55445d84cb8bfa4da48ac79
SHA256: c3463021d3069ae7aad460707a950eb7b427a65c87f3d8e201b59cebb886a1b7
SHA512: 88595fa0af8ac0211145787ce0d0d3afdfb396edfcfcbab16d4714fbfb1077a8eb8df5ec6bd9aaefd916611363dd7791c62cfaba24a571bd4279ffb93bb73866
SSDEEP: 12288:aICfPgs7diA6gdZiygrNIVYAHHjMIyoS/B3FYA1YU:MZdL6AMxI+Aopz/lJv
Static task: static1
Behavioral task: behavioral1
  Sample: transferenciainterbancaria_00081.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: transferenciainterbancaria_00081.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: smtp.ionos.es
Port: 587
Username: [email protected]
Password: Comercialplastico3.
Email To: [email protected]
Targets
Target: transferenciainterbancaria_00081.exe
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
- Vipkeylogger family
- Accesses Microsoft Outlook profiles
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger