General
-
Target
8bc4c184f461f92d95fd52ca1e1224fb3f3a905b3f8516211f47903a61cea271.exe
-
Size
646KB
-
Sample
241204-dgslzsykdz
-
MD5
8ae914653340ef79bbf6c39eaf259e16
-
SHA1
7b74c24e74bdb4837ebf448362dd2d261843e833
-
SHA256
8bc4c184f461f92d95fd52ca1e1224fb3f3a905b3f8516211f47903a61cea271
-
SHA512
e6e91013a45ea11451634c0fd5215a72be9a17c7e0cc3984c7b5a1120fee57cb5796d7884ba11ede95f068960646dc73cd6df44053cd41293d51a09e137b01fb
-
SSDEEP
12288:pjBR3Lxt5wW1oLiLud/6w3ZJPAJBom1M8E16YdL7Dd3i6:pdvT96Pd/ex1Mt16YdLl3z
Static task
static1
Behavioral task
behavioral1
Sample
8bc4c184f461f92d95fd52ca1e1224fb3f3a905b3f8516211f47903a61cea271.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
8bc4c184f461f92d95fd52ca1e1224fb3f3a905b3f8516211f47903a61cea271.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Targets
Target
8bc4c184f461f92d95fd52ca1e1224fb3f3a905b3f8516211f47903a61cea271.exe
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
-
Vipkeylogger family
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-