General
-
Target
5a7861eb0fe3a27d6d62d163ca81f35e2118de802fc9b52c45ddf7370eab621b
-
Size
721KB
-
Sample
241209-c7s5rstkfp
-
MD5
05488807d77c5d1c9dd57a35769cc373
-
SHA1
0ce22ba2da132fa4e97e71159cf5ba52f4d31a56
-
SHA256
5a7861eb0fe3a27d6d62d163ca81f35e2118de802fc9b52c45ddf7370eab621b
-
SHA512
205e1f094d738cfbe61331931cfe979163881c13df33bb08cf913b21bc6c47334f5de89302527584fa01bafebd7febe3a86b48f8a8900f46781682e3a3fd3a6c
-
SSDEEP
12288:/fRv8jUOXob23K/mPWLqi33oi/XieLOzTY7p+iapJdZszljW2cs2UhZQGBwEnGZe:hEjAwKeyqi3Yi/jOzTKp+PEW2QL7ZQlp
Static task
static1
Behavioral task
behavioral1
Sample
Receipt.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
Receipt.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Targets
-
-
Target
Receipt.exe
-
Size
1.1MB
-
MD5
1d0c53e42bd84b7b7cfabed7dae7f570
-
SHA1
0b0df40afe9bed5720c361fe7ed63395e1a25f41
-
SHA256
ddadbda4f90dc1d05f3e78ac6e5009c2e6608137b60bce3427e25ffea1b4d944
-
SHA512
9ab7671f48d5dbeb58c93b61998762ed91da2f566421ff11f53edfdb6a65af0199ff4bb31647ec296cae7f85ba7cfc71340fbb931e6a05fd5aa03a43f5026057
-
SSDEEP
24576:cu6J33O0c+JY5UZ+XC0kGso6FaNAaW2Kh7ZClY9lnmWY:Gu0c++OCvkGs9FaNAaWphNCC1Y
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-