General
-
Target
04122024_1430_03122024_FRA.2080 GRACARE MAIG (2).rar
-
Size
513KB
-
Sample
241204-rt5zqsyjby
-
MD5
39bc93c25786719d1d73165fdd3bf137
-
SHA1
f3e0ac8567a7acf69d824d7c10675adef13047b7
-
SHA256
184984d6c7d316d2b0b281958b784d78e85811465d5b04622584b4b47d8fe4b9
-
SHA512
14994a687b5cf90a4d456cfec5256a604d9944f31b1fcaff6a85be9ca09538e952a7bb9f6aea6f90252f1ac0deb16ff35a202fc0176c1992ee8fb81b278cf685
-
SSDEEP
12288:AngrB3Qo9esMYYqQvUKEVrbggEyRanPI/LWynhNKPS:AngrB3Qs3YqQvmRfXanQDW8HKPS
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
smtp.ionos.es - Port:
587 - Username:
[email protected] - Password:
SOCAG3_314$%] - Email To:
[email protected]
Targets
-
-
Target
FRA.2080 GRACARE MAIG (2).exe
-
Size
528KB
-
MD5
341ae38ffefa01cb1ce586636e6629db
-
SHA1
ec0f4fa6942ef3aadc183d440239e883faeab607
-
SHA256
2ff3d2bda15e7a1ceb97f318d9e85d930e6a75a135d70b953b708c96f90921a7
-
SHA512
8b342bb4b381421be54a5876fba24cc6bccc1a0ecca48c6afb949b97645fdb69141e1dd1017d97fde3a3a080897a79534d0719119d4d2a076573b2c72fb98819
-
SSDEEP
12288:aICiw3Giju9h1LrEOn1UuwE1eu0yoS/B3FYA1Y/:Miw2Uu9DLrEOnZwo/z/lJs
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Blocklisted process makes network request
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-