General
-
Target
e4180bdb2d86aa484d6bd4349e065a9cf796df4713b0a7063e124bb99f8f48f9
-
Size
554KB
-
Sample
241217-r9rr2ssrar
-
MD5
9222681b5ae2c006bf3f579b1be1928c
-
SHA1
9f1586135f43534b1d97c01d9269b248b7e5def1
-
SHA256
e4180bdb2d86aa484d6bd4349e065a9cf796df4713b0a7063e124bb99f8f48f9
-
SHA512
693652835e6d87f0e62d584bf682670a0259f2a3bed14f5c8505ef59f5cfe67bcb8b428622c78abb13410bca681e3a09b502744b7fe4e54af0818b5331495dc7
-
SSDEEP
12288:1CDymwYdscQlY1qkQOOMEl1Yjl1RBegEvlEvMZUxo1jlKxsA:eoosxanM1YX/5vMZUOKxP
Static task
static1
Behavioral task
behavioral1
Sample
Nuevo pedido de cotización 7383783 738238.pdf.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Nuevo pedido de cotización 7383783 738238.pdf.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: mail.acadental.com
Port: 587
Username: [email protected]
Password: Dental9201$
Email To: [email protected]
Extracted
Protocol: smtp
Host: mail.acadental.com
Port: 587
Username: [email protected]
Password: Dental9201$
Targets
-
Target
Nuevo pedido de cotización 7383783 738238.pdf.exe
-
Size
1.0MB
-
MD5
a3d99bcf752d0b63fa8d5515a4765777
-
SHA1
cea1bb29d2d34f8c46fa6c9c645cc9753d5a918e
-
SHA256
e71789b9c70a2b9bbe541baf50d4e222be0d1b1cc2b38be925c01d9169158bf5
-
SHA512
f7e00d50005777373d65b9065bab7cd43ae3160554165e71c2db7bf901c34eb0608cd854e35e3159d48f698470db9a58e828aa6b4c2fa79c41149fc8030cdfe9
-
SSDEEP
24576:nqDEvCTbMWu7rQYlBQcBiT6rprG8aT7LCjhY:nTvC/MTQYxsWR7aT7mF
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.
-
Vipkeylogger family
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-