General
-
Target
SALARY_RECEIPT.exe
-
Size
978KB
-
Sample
241210-kd5wga1kcs
-
MD5
b5a3ea0071679f5c97430d9c975b519f
-
SHA1
a907a0a8662358e2949049cdb3985c25f6fdc101
-
SHA256
40e6296abf94cb3ee0a7897c71105ac1316ab063dc5deb4a8e433743668294cd
-
SHA512
e00d817416242936e0b755af94697e0f9b7136dc97773cf4da77d3ccbb7a26c63df84890aedd545d84017082479d33cf098c293ad43436f1c3f3ca8c2190b2bf
-
SSDEEP
24576:4u6J33O0c+JY5UZ+XC0kGso6FaAR/DgsWY:yu0c++OCvkGs9FaARaY
Static task
static1
Behavioral task
behavioral1
Sample
SALARY_RECEIPT.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
SALARY_RECEIPT.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.hostinger.com
Port: 587
Username: [email protected]
Password: eQ&vwpXMsK38
Extracted
vipkeylogger
Protocol: smtp
Host: smtp.hostinger.com
Port: 587
Username: [email protected]
Password: eQ&vwpXMsK38
Email To: [email protected]
Targets
-
-
Target
SALARY_RECEIPT.exe
-
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-