General
-
Target
PO-090220-02837.exe
-
Size
1.1MB
-
Sample
241218-s82fjatpey
-
MD5
88ae8bda9d82167c30205b7be959d2b5
-
SHA1
204d1aa6f9cfb662babba813bbbe54371c11d6b3
-
SHA256
2e6f9a5fcfce60e9a28545dd9171993ed51d5e6ddb90643b9d3ea16f64c8a076
-
SHA512
cf88685cdaa09c6062e761b2d2b06f3636340b1c96d648a968b4655b32fd7716c5f08fa1d5a0d701ec6d001cc5a9eee75817d8a9fcb475ac404c18e6af071320
-
SSDEEP
24576:xqDEvCTbMWu7rQYlBQcBiT6rprG8aSVXndE2dx4B:xTvC/MTQYxsWR7aSFdE2v
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.wxtp.store - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@@ - Email To:
[email protected]
Targets
-
-
Target
PO-090220-02837.exe
-
Size
1.1MB
-
MD5
88ae8bda9d82167c30205b7be959d2b5
-
SHA1
204d1aa6f9cfb662babba813bbbe54371c11d6b3
-
SHA256
2e6f9a5fcfce60e9a28545dd9171993ed51d5e6ddb90643b9d3ea16f64c8a076
-
SHA512
cf88685cdaa09c6062e761b2d2b06f3636340b1c96d648a968b4655b32fd7716c5f08fa1d5a0d701ec6d001cc5a9eee75817d8a9fcb475ac404c18e6af071320
-
SSDEEP
24576:xqDEvCTbMWu7rQYlBQcBiT6rprG8aSVXndE2dx4B:xTvC/MTQYxsWR7aSFdE2v
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-