General
-
Target
855acbd89e8548eaaa06d25d0c767f6a1d550afd766c145d04a3fbc2eae6b80e.exe
-
Size
1.0MB
-
Sample
241210-dltpva1qc1
-
MD5
ca3706dd6a93c5928ee3252054a7ec74
-
SHA1
402c4c006bf0e4d7afec7687f6033dccf11c6aa1
-
SHA256
855acbd89e8548eaaa06d25d0c767f6a1d550afd766c145d04a3fbc2eae6b80e
-
SHA512
e83540a28bb8b6a014d40cc66842b0c045e712f894df967ade6939461120f61a9580c85c3915aa8103c4faa40077a26d9e9dbecfc7086a9529105c2e409b048d
-
SSDEEP
24576:Ij+EfvosO3Hx7JwmNG3Ap137dboaPjyMi76Kb0:Y+MvpoOt3IRM+i76f
Static task
static1
Behavioral task
behavioral1
Sample
855acbd89e8548eaaa06d25d0c767f6a1d550afd766c145d04a3fbc2eae6b80e.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
855acbd89e8548eaaa06d25d0c767f6a1d550afd766c145d04a3fbc2eae6b80e.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
smtp.ionos.es - Port:
587 - Username:
[email protected] - Password:
JA-*2020antonio - Email To:
[email protected]
Targets
-
-
Target
855acbd89e8548eaaa06d25d0c767f6a1d550afd766c145d04a3fbc2eae6b80e.exe
-
Size
1.0MB
-
MD5
ca3706dd6a93c5928ee3252054a7ec74
-
SHA1
402c4c006bf0e4d7afec7687f6033dccf11c6aa1
-
SHA256
855acbd89e8548eaaa06d25d0c767f6a1d550afd766c145d04a3fbc2eae6b80e
-
SHA512
e83540a28bb8b6a014d40cc66842b0c045e712f894df967ade6939461120f61a9580c85c3915aa8103c4faa40077a26d9e9dbecfc7086a9529105c2e409b048d
-
SSDEEP
24576:Ij+EfvosO3Hx7JwmNG3Ap137dboaPjyMi76Kb0:Y+MvpoOt3IRM+i76f
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Blocklisted process makes network request
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-