General
-
Target
e4ee3b0145b6c859815fd11a158334d23fdb015f4d225ed6e0dae2a4a7c82777.exe
-
Size
646KB
-
Sample
241206-dzl7xstqap
-
MD5
34e3967c8143fb8822936f1a463b72df
-
SHA1
ddd217ba236011c11af70a60e5942f345cc5039a
-
SHA256
e4ee3b0145b6c859815fd11a158334d23fdb015f4d225ed6e0dae2a4a7c82777
-
SHA512
4e1633b036e3dfe3405f6580903a938a7f6b43848e4408e2573478b4172e2236ccff8683f982c22cf2a70bf56c9967395ef7c7a5dd58a29cdf244aaa796dcc68
-
SSDEEP
12288:wOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPiOHGu+4EIppaL+YQRUXi1h5QryNnts:wq5TfcdHj4fmboOci0kPNnmN
Behavioral task
behavioral1
Sample
e4ee3b0145b6c859815fd11a158334d23fdb015f4d225ed6e0dae2a4a7c82777.exe
Resource
win7-20240903-en
Malware Config
Extracted
vipkeylogger
Targets
-
-
Target
e4ee3b0145b6c859815fd11a158334d23fdb015f4d225ed6e0dae2a4a7c82777.exe
-
Size
646KB
-
MD5
34e3967c8143fb8822936f1a463b72df
-
SHA1
ddd217ba236011c11af70a60e5942f345cc5039a
-
SHA256
e4ee3b0145b6c859815fd11a158334d23fdb015f4d225ed6e0dae2a4a7c82777
-
SHA512
4e1633b036e3dfe3405f6580903a938a7f6b43848e4408e2573478b4172e2236ccff8683f982c22cf2a70bf56c9967395ef7c7a5dd58a29cdf244aaa796dcc68
-
SSDEEP
12288:wOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPiOHGu+4EIppaL+YQRUXi1h5QryNnts:wq5TfcdHj4fmboOci0kPNnmN
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-