General
-
Target
d99e9e3d982f4b8edbf8c316a6f830009944ad89c1d144d478c2849c091f5b6a
-
Size
642KB
-
Sample
241210-ehrazstjbv
-
MD5
42fa4827bf6b86ac252d85bb99b96241
-
SHA1
4490e9b304626c4ef0c703c3946886b038a3ffa8
-
SHA256
d99e9e3d982f4b8edbf8c316a6f830009944ad89c1d144d478c2849c091f5b6a
-
SHA512
c7acce95c0fcf1643b356dcc5a628dfb6d8f5a44b85e0768ea17eba77492ff582381d64c5d6237e1f3dc5224ac221329c6ac27dff351678d2d3f48a6da4b3254
-
SSDEEP
12288:JMTX39R7n4Kdj6jVWtS7Gaiq0sk7C2/QAqTkOrGabyppUMBgS:JMT9R7ROjAADiqRhJAq9TbyphOS
Static task
static1
Behavioral task
behavioral1
Sample
noah s crypt.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
noah s crypt.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
Protocol: smtp
Host: mail.starofseasmarine.com
Port: 587
Username: [email protected]
Password: Dontforget2015
Extracted
vipkeylogger
Targets
-
-
Target
noah s crypt.exe
-
Size
1.1MB
-
MD5
1a74dbd880003ff0dfcc93dd83631743
-
SHA1
c9bc0027273ad74ff97d1d7b8a0668e5e750a604
-
SHA256
63f122de6bc1f877eccfddb4a3a34b93177203cdd3b906e02f6045d71917dd34
-
SHA512
ed2c727b17db2d77e8ef79263b838bdb777bc71c0a2588e8b818c0f34d550c9b8b73b969b9f5a8ccb6abee5cd0bfd5699ebe108609ae646093f01bea643f123b
-
SSDEEP
24576:Pu6J33O0c+JY5UZ+XC0kGso6FahQoisynLIJ9HWY:5u0c++OCvkGs9FahQoTcEoY
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-