General
-
Target
6c72cb65233e11d0a50011cd4b07575f151fdd02ce4f49ae28fefa5cf4684757
-
Size
624KB
-
Sample
241206-wt52yszpgx
-
MD5
b831233ee42c15512a440dba9e01ffde
-
SHA1
1b8f4f5661c5f19d8654ac87300f14624af849a6
-
SHA256
6c72cb65233e11d0a50011cd4b07575f151fdd02ce4f49ae28fefa5cf4684757
-
SHA512
c8ee153f6749c2bd1386285a2d4481b5f532167efc4999159787d6248a48fba6b21db9d5d229d171a7fc27e69b36d8661f459ee71fdec0ee98584759999c68cd
-
SSDEEP
12288:9UfHbFU9IAPhjOaRbvo4MuWS2My9UeAeZ5YQ2v7:ufHb29IUoS2uWIoUoHE
Static task
static1
Behavioral task
behavioral1
Sample
Awb_000051224..exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Awb_000051224..exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7546896793:AAGEGIt0RtLapwHQA3llERLQC1AMW8eOKsI/sendMessage?chat_id=7941049362
Targets
-
-
Target
Awb_000051224..exe
-
Size
1.0MB
-
MD5
385af6b596eb196b00f5e98ad9610d5c
-
SHA1
86369c454882788520e46e529bc9c9315a0280b5
-
SHA256
ce5cfba0bd5215b988c6a71324ec34b7cd0e5374f2123b251c84b27d404cf47d
-
SHA512
bd889c11b3c1860afe2ec286be5cf49cd6fb748ff43c97b8957387acf6d1b64fbc1866ad562f252bd83dcfbb818ec71e209b8d7891d45d8fb3fdb237f7f072a4
-
SSDEEP
24576:Ru6J33O0c+JY5UZ+XC0kGso6FadGU0zneWY:Du0c++OCvkGs9FadGU0hY
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-