General
-
Target
466477a865e877d551ad3bb08a5838ad4a44e59f2780cfc57e095747cbf1df60.exe
-
Size
1.0MB
-
Sample
241207-jybmpayrbp
-
MD5
da3926cb64db293c3c28b5f4b5d7513d
-
SHA1
ab7b81fe3ec60f3e5e909c7acbb214ff7117e59d
-
SHA256
466477a865e877d551ad3bb08a5838ad4a44e59f2780cfc57e095747cbf1df60
-
SHA512
4b2b9289fb737f453861354c7db19fbd515012773e84621f08cdf34ab0ee37c7b6cfda387e26e7af241cf384daa038601d31607ca78ebd653303e6c348dafc8b
-
SSDEEP
24576:Ij+E5UmQgGxoeTKDCAJvxADGSifhNwmNG3Ap137dboaPjyMi76KbC:Y+HmWxKDCA9fQt3IRM+i769
Static task
static1
Behavioral task
behavioral1
Sample
466477a865e877d551ad3bb08a5838ad4a44e59f2780cfc57e095747cbf1df60.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
466477a865e877d551ad3bb08a5838ad4a44e59f2780cfc57e095747cbf1df60.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
smtp.ionos.es - Port:
587 - Username:
[email protected] - Password:
JA-*2020antonio - Email To:
[email protected]
Targets
-
-
Target
466477a865e877d551ad3bb08a5838ad4a44e59f2780cfc57e095747cbf1df60.exe
-
Size
1.0MB
-
MD5
da3926cb64db293c3c28b5f4b5d7513d
-
SHA1
ab7b81fe3ec60f3e5e909c7acbb214ff7117e59d
-
SHA256
466477a865e877d551ad3bb08a5838ad4a44e59f2780cfc57e095747cbf1df60
-
SHA512
4b2b9289fb737f453861354c7db19fbd515012773e84621f08cdf34ab0ee37c7b6cfda387e26e7af241cf384daa038601d31607ca78ebd653303e6c348dafc8b
-
SSDEEP
24576:Ij+E5UmQgGxoeTKDCAJvxADGSifhNwmNG3Ap137dboaPjyMi76KbC:Y+HmWxKDCA9fQt3IRM+i769
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Blocklisted process makes network request
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-