General
-
Target
5b6955b40c450b03be011b795c8034d211f84ddf4e67e55711d0c86bb92f582a
-
Size
609KB
-
Sample
241209-b4khsaxmfs
-
MD5
21471889a8d88877a678397f29db964e
-
SHA1
0c328e0a37f2e0f73b5c4a708d90d623931a55c1
-
SHA256
5b6955b40c450b03be011b795c8034d211f84ddf4e67e55711d0c86bb92f582a
-
SHA512
ecdce4ce79f134bf651dad0d210bb77eb987bbc6af139b29be1d7f4a6f17d1edfd90dd9183c7eabb777b904732cf614eaf4b2c9485a2dc3809df70935b90d13c
-
SSDEEP
12288:wd9RjfnrgQ9ob23X/CekkcdQW+TFhLOMrSN73Qmojs4A9:ujfnrbOwXYkar+TbKMMWm
Static task
static1
Behavioral task
behavioral1
Sample
Payment Slip.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Payment Slip.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: mail.wxtp.store
Port: 587
Username: [email protected]
Password: 7213575aceACE@@
Email To: [email protected]
Targets
-
-
Target
Payment Slip.exe
-
Size
1009KB
-
MD5
d721eab396039744df30c1c4ac89386e
-
SHA1
db06bcb42971088989f20c795e484611b37b35b0
-
SHA256
f800b332a02989cb73f92d0b58f9658f7f5389be1a966670c507ccbd32c31ce7
-
SHA512
aab9f2ea6979d26df263378e629ff9058652c3622bda8c913968dd45c461d546cf1cbc337387ee344109f0273248476c44640b0e9f14deba944c92fac1f8e226
-
SSDEEP
24576:Ou6J33O0c+JY5UZ+XC0kGso6Fa4rtKwUtjWWY:Au0c++OCvkGs9Fa4rInTY
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.
-
Vipkeylogger family
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-