General
- Target: 1593138acaab817fa43fb8649784ed3c3bfecc2f4ba396c1775c8f708b0e8ef1
- Size: 622KB
- Sample: 241209-phtffs1rhl
- MD5: 399afaa0d3c1367ed9bd3f4bbbb422f2
- SHA1: 6beb7089080bb995da2ee76cede93f433c7e0d46
- SHA256: 1593138acaab817fa43fb8649784ed3c3bfecc2f4ba396c1775c8f708b0e8ef1
- SHA512: a458fd40f0a91653a1b5e8d72ec6db4fef9097d1cdbbb6b46d2fdea90e65e548caa9e519fd231e84a116107ac8bd8ad000997ea17bc07ace9ff650e835b33e34
- SSDEEP: 12288:HTzJh/K72TQ9GEF5QH5/ptMOW1T2eOsb7uD8CHO5AzsrYEd5jlbc/1xh:zz/K72TQ0EvAbW1T2ex28kg4zSjlw
Static task: static1
Behavioral task: behavioral1
- Sample: Maria Sibirtseva Professional CV.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: Maria Sibirtseva Professional CV.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted: vipkeylogger
- Protocol: smtp
- Host: mail.gtpv.online
- Port: 587
- Username: [email protected]
- Password: 7213575aceACE@@
- Email To: [email protected]
Targets
- Target: Maria Sibirtseva Professional CV.exe
- Size: 1021KB
- MD5: 0757b1febdbd6a69bd416a525459cd4d
- SHA1: 9a7e1c1857ced94f87e000b8e37602633cd10e2f
- SHA256: 4467e8fbcd2f915ea98a7fac491ef2e3e233267b8623657276a6296f1e686a8a
- SHA512: e27acca0da38aff16382a401caadf146c8a4634956a650a673c27e203e79d91dfddb823d67ff3e891e2c34b690ab5df7007313857a1834a863377fdfdcd2982c
- SSDEEP: 24576:Zu6J33O0c+JY5UZ+XC0kGso6FaqZ8ke4VijTZ2KWY:bu0c++OCvkGs9Faqey+TUY
- Score: 10/10
- VIPKeylogger: VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.
- Vipkeylogger family
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext