General
-
Target
64c5bc313008e6e595ab1eb59ec4b5fbdaa38e91d9f89def4fc1e66da64b2545.exe
-
Size
626KB
-
Sample
241205-x2wnxsvjgj
-
MD5
406c82d85bd25857140116b91f8c3b3d
-
SHA1
5e62807cc5f68c061d1be770df181d1e23075dfd
-
SHA256
64c5bc313008e6e595ab1eb59ec4b5fbdaa38e91d9f89def4fc1e66da64b2545
-
SHA512
c969d9ffb277f8e51fcc531f9cce8b974f26ce1525145312a248e9f34d4752ee924b181977468ae1d175b1067ddd68f6be45a5e1fda2f374a619ca4006bfc220
-
SSDEEP
12288:AORXHVTaXU/mlQF0FAIxlMZSkNyAJJjB55EQPzMm1:AORlTaXUVaqJhJjB37PzMS
Static task
static1
Behavioral task
behavioral1
Sample
64c5bc313008e6e595ab1eb59ec4b5fbdaa38e91d9f89def4fc1e66da64b2545.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
64c5bc313008e6e595ab1eb59ec4b5fbdaa38e91d9f89def4fc1e66da64b2545.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Extracted
Protocol: ftp- Host:
ftp.fastestpay.digital - Port:
21 - Username:
[email protected] - Password:
1Qj;XlmD!Lrj
Targets
-
-
Target
64c5bc313008e6e595ab1eb59ec4b5fbdaa38e91d9f89def4fc1e66da64b2545.exe
-
Size
626KB
-
MD5
406c82d85bd25857140116b91f8c3b3d
-
SHA1
5e62807cc5f68c061d1be770df181d1e23075dfd
-
SHA256
64c5bc313008e6e595ab1eb59ec4b5fbdaa38e91d9f89def4fc1e66da64b2545
-
SHA512
c969d9ffb277f8e51fcc531f9cce8b974f26ce1525145312a248e9f34d4752ee924b181977468ae1d175b1067ddd68f6be45a5e1fda2f374a619ca4006bfc220
-
SSDEEP
12288:AORXHVTaXU/mlQF0FAIxlMZSkNyAJJjB55EQPzMm1:AORlTaXUVaqJhJjB37PzMS
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-