General
Target: DECEMBER PAYMENT.rar
Size: 492KB
Sample: 241209-sk786s1rcy
MD5: f351499172f5b333b4e4a2c266b29eea
SHA1: da8b8b4aa66e42110946a947ca1bce0329a43c7b
SHA256: 6effcde29dbe8304a62aebe8bd88db01c18de6aa946523a48c4bce5aa6d5ec3d
SHA512: aa4c6314de8b8330b962ce5b2fca07faa7d2e93d075a5700c6349b5863e222b893ea93177e6ba8a6ed2a9bcf2cf6f169b964eb949b9e63d2180e3dd37e9bc33e
SSDEEP: 12288:tv4kIuQ0QOmJpm9oxQuNrgrb1Mo4lXREH++p:tA0QXryrbyod
Static task: static1
Behavioral task: behavioral1
  Sample: PO.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: PO.exe
  Resource: win10v2004-20241007-en
Malware Config
Two extractions are reported: a generic SMTP credential block, and the same credentials attributed to the vipkeylogger family, which also names the exfiltration recipient.
Extracted (generic SMTP)
Protocol: smtp
Host: mail.irco.com.sa
Port: 587
Username: [email protected]
Password: info12A
Extracted (vipkeylogger)
Protocol: smtp
Host: mail.irco.com.sa
Port: 587
Username: [email protected]
Password: info12A
Email To: [email protected]
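The extracted config above is the sample's exfiltration channel: stolen data is sent as mail through mail.irco.com.sa on the submission port 587 using the embedded credentials. The following is an added example (not the sandbox's own rule logic and not code from the sample) that turns that config into detection logic and runs it over constructed, Sysmon Event ID 3 shaped key=value log lines. It also generalises the observation: any SMTP submission from a process that is not a known mail client is flagged at lower severity. The mail-client allowlist, the log format and the log lines themselves are assumptions made for the example; the redacted mailbox placeholder from the page is kept as-is.

```python
"""Turn the extracted SMTP exfiltration config into detection logic and run
it over constructed Sysmon-style network log lines.
Added example; not code from the sandbox or from the malware."""
import re
from dataclasses import dataclass

# Constructed copy of the page's vipkeylogger "Extracted" block as Key: value
# lines. The mailbox name is redacted on the page, so the same placeholder
# is used here.
EXTRACTED_CONFIG = """\
Protocol: smtp
Host: mail.irco.com.sa
Port: 587
Username: [email protected]
Password: info12A
Email To: [email protected]
"""


@dataclass(frozen=True)
class SmtpExfilConfig:
    host: str
    port: int
    username: str
    recipient: str


def parse_extracted_config(text: str) -> SmtpExfilConfig:
    """Parse 'Key: value' lines into a typed record. The password is read
    but deliberately not stored: detection does not need it and it should
    not leak into rule files."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    if fields.get("protocol", "").lower() != "smtp":
        raise ValueError("not an SMTP config")
    return SmtpExfilConfig(
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        recipient=fields["email to"],
    )


# Processes that legitimately speak SMTP submission on a workstation.
# Assumption for this example: tune to the environment.
MAIL_CLIENT_ALLOWLIST = {"outlook.exe", "thunderbird.exe"}

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_kv_line(line: str) -> dict:
    """Parse a Sysmon-Event-3-shaped key=value line into a dict."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def detect(log_lines, cfg: SmtpExfilConfig):
    """Return (severity, reason, line_no) for each matching line.

    high:   connection to the exact exfil host and port from the config
    medium: SMTP submission (port 587) by a process that is not a known
            mail client, the generalisation of what this sample does
    """
    hits = []
    for n, line in enumerate(log_lines, 1):
        ev = parse_kv_line(line)
        if ev.get("EventID") != "3":
            continue
        dst_host = ev.get("DestinationHostname", "").lower()
        dst_port = int(ev.get("DestinationPort", 0))
        image = ev.get("Image", "").rsplit("\\", 1)[-1].lower()
        if dst_host == cfg.host and dst_port == cfg.port:
            hits.append(("high", f"exfil to {cfg.host}:{cfg.port} by {image}", n))
        elif dst_port == 587 and image not in MAIL_CLIENT_ALLOWLIST:
            hits.append(("medium", f"SMTP submission by non-mail process {image}", n))
    return hits


# Constructed log lines (not from the sandbox run); IPs are documentation ranges.
SAMPLE_LOG = [
    'EventID=3 Image="C:\\Users\\victim\\Downloads\\PO.exe" DestinationHostname=mail.irco.com.sa DestinationIp=203.0.113.10 DestinationPort=587 Protocol=tcp',
    'EventID=3 Image="C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE" DestinationHostname=smtp.office365.com DestinationIp=198.51.100.5 DestinationPort=587 Protocol=tcp',
    'EventID=3 Image="C:\\Users\\victim\\AppData\\Roaming\\svchost.exe" DestinationHostname=mail.example.net DestinationIp=203.0.113.22 DestinationPort=587 Protocol=tcp',
    'EventID=1 Image="C:\\Users\\victim\\Downloads\\PO.exe" CommandLine="PO.exe"',
    'EventID=3 Image="C:\\Windows\\System32\\svchost.exe" DestinationHostname=example.com DestinationIp=198.51.100.9 DestinationPort=443 Protocol=tcp',
]


if __name__ == "__main__":
    cfg = parse_extracted_config(EXTRACTED_CONFIG)
    for sev, why, n in detect(SAMPLE_LOG, cfg):
        print(f"line {n}: {sev}: {why}")
```

The exact-host match is brittle (the operator can rotate the mailbox at any time), which is why the medium-severity rule keys on the behaviour instead: a keylogger that exfiltrates over SMTP must speak to a submission port from a process that has no business doing so. Pair the high rule with the host and the recipient address as blocklist entries, and keep the password out of anything that is shared.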
Targets
Target: PO.exe
Size: 976KB
MD5: 123b5ecd85676f192dfe4a0d6d3b9419
SHA1: 5a96e18cde4f369646c421c58dd7ce92c307862d
SHA256: 520e219c0f4f6198428644141cbbb479607aa8aafc613c1d7abdaca2b8254359
SHA512: 1f12089b4fb87b0bb0d92c2a7562616269c8fcb6c409f5de74bba4c5f06dc29d24cdcd32120bce7c3cb8978afa8f7ab2cb121e4900c6275b4abf8d27f3884987
SSDEEP: 24576:yu6J33O0c+JY5UZ+XC0kGso6Fa6J35NOWY:0u0c++OCvkGs9Fa67Y
Score: 10/10
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.
- Vipkeylogger family
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
  Setting another thread's context is the step process-hollowing and similar injection techniques use to redirect execution in a suspended thread.
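The "AutoIT Executable" tag above is a static signal: compiled AutoIt v3 scripts carry a recognisable marker in front of the embedded script. The following is an added example (not the sandbox's own rule and not code from the sample) that does a first-pass static triage of a file against this report: it matches the file's SHA256 against the two hashes listed on the page and looks for the AutoIt marker. The marker used is the ASCII tag "AU3!EA06" preceded by the 16-byte GUID that AutoIt unpackers key on; the test buffers are constructed stubs, not real samples.

```python
"""Static triage of a file against this report: hash match against the
page's IOCs plus a check for the AutoIt v3 compiled-script marker that
backs the sandbox's "AutoIT Executable" tag.
Added example; not the sandbox's own rule logic."""
import hashlib

# SHA256 hashes exactly as listed on the page for the archive and the dropped PE.
KNOWN_IOCS = {
    "6effcde29dbe8304a62aebe8bd88db01c18de6aa946523a48c4bce5aa6d5ec3d": "DECEMBER PAYMENT.rar",
    "520e219c0f4f6198428644141cbbb479607aa8aafc613c1d7abdaca2b8254359": "PO.exe",
}

# Compiled AutoIt v3 scripts carry this marker in front of the embedded
# (compressed) script: a 16-byte GUID followed by the ASCII tag "AU3!EA06".
AUTOIT_GUID = bytes.fromhex("A3484BBE986C4AA9994C530A86D6487D")
AUTOIT_TAG = b"AU3!EA06"


def find_autoit_script(data: bytes):
    """Return (offset_of_tag, guid_present) or None if no AutoIt marker."""
    off = data.find(AUTOIT_TAG)
    if off < 0:
        return None
    guid_ok = off >= 16 and data[off - 16:off] == AUTOIT_GUID
    return off, guid_ok


def triage(data: bytes) -> dict:
    """Hash the buffer, look it up against the report's IOCs and report
    whether it looks like a compiled AutoIt script inside a PE."""
    sha256 = hashlib.sha256(data).hexdigest()
    marker = find_autoit_script(data)
    return {
        "sha256": sha256,
        "md5": hashlib.md5(data).hexdigest(),
        "known_ioc": KNOWN_IOCS.get(sha256),
        "is_pe": data[:2] == b"MZ",
        "autoit_script": marker is not None,
        "autoit_tag_offset": marker[0] if marker else None,
        "autoit_guid_present": marker[1] if marker else False,
    }


# Constructed test inputs, not real samples: a minimal MZ stub with the
# AutoIt marker embedded after some padding, and a stub without it.
FAKE_AUTOIT_PE = (
    b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 200
    + AUTOIT_GUID + AUTOIT_TAG + b"\x01\x02\x03"
)
PLAIN_FILE = b"MZ" + b"\x00" * 100


if __name__ == "__main__":
    for name, blob in (("fake_autoit.exe", FAKE_AUTOIT_PE), ("plain.exe", PLAIN_FILE)):
        print(name, triage(blob))
```

The marker only says "compiled AutoIt", which plenty of legitimate tooling is; on its own it is a reason to look closer, not a verdict. The hash match is the opposite: exact but fragile, since any rebuild of the dropper changes it. Combine both with the behavioural signals on this page (SMTP to the extracted host, Outlook profile access, SetThreadContext) before treating a file as this family.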