General
Target: 12122024_0027_11122024_Obraztsi.png.img
Size: 1.6MB
Sample: 241212-ar39patnhx
MD5: d7800e1747da6be7851f2f212e7b6dcb
SHA1: 65a72782d8ae80b5e025f9dfb84b9f9b750aa057
SHA256: cf63e6fa5b0612bd51965c5371857516e831cbd1ea8f5aefddcc51f4b926278a
SHA512: b9354a63fbcab15a8f40d5b3172cd3295543051756f391e475431a6c8d2f09e7c1af3bc462ffa4a8678dd739f679bf362a229ce563818f7e0d4ef8aa789eb395
SSDEEP: 24576:Uu6J33O0c+JY5UZ+XC0kGso6FaS1dieGnses7ThWY:uu0c++OCvkGs9FaS1dX0mAY
Static task: static1
Behavioral task: behavioral1
Sample: SWIFT.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: SWIFT.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: mail.chata66.sk
Port: 25
Username: [email protected]
Password: bGf865RweX
Email To: [email protected]
Targets
Target: SWIFT.exe
Size: 1.0MB
MD5: a1e12d2c6554aba6dc559c70c6e73de4
SHA1: c3efbc42b9216818cae4745be17f10a45d312b20
SHA256: 8268222de842c98e6109c0edb31d03ee82ef3df1f09dceaebf6d63818adc356e
SHA512: 6a2913655b66975cf92219f24906824224a127b08a4290dd57d9403802b7572a925169550e180c33e1779734935c5a2bbe661e75a199d7a0bfd0e3e23d019471
SSDEEP: 24576:Hu6J33O0c+JY5UZ+XC0kGso6FaS1dieGnses7ThWY:Bu0c++OCvkGs9FaS1dX0mAY
Score: 10/10
- VIPKeylogger: VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
- Vipkeylogger family
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext