General
-
Target
ST07933.exe
-
Size
820KB
-
Sample
241210-st6rpsynct
-
MD5
d9c24eb3137fb3e1f939625d3076bb0f
-
SHA1
9d06b465b4e137dccc09aa583fd928bbcf2275aa
-
SHA256
02184b32f1b3e76b78acf7e889f3f581ef65696df1f64efb9bfe3b2d2ccabfd6
-
SHA512
f1d6e69a72deb762416c0954faa05196debc9b6b53ab9a38621dbeb0175dd907ce4758b0aea6f78501b5b9a6c8307c50a10fe7c6e4af72415c9a573d08baf057
-
SSDEEP
24576:wTkQIwLXEADfmo/SbKdsyjlR4MsfZV+ER/r:qvTDf6bKdsalRpsfZV+q/r
Static task
static1
Behavioral task
behavioral1
Sample
ST07933.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ST07933.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: smtp.ionos.es
Port: 587
Username: [email protected]
Password: JA-*2020antonio
Email To: [email protected]
Targets
-
-
Target
ST07933.exe
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Blocklisted process makes network request
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-