General
-
Target
01691572fea435c657ac244e6afe7f6bc6d4c1441e7d1ea0479be5f8f3c7d8be
-
Size
514KB
-
Sample
241223-c8henavmbl
-
MD5
793b763a317009cf663ef1db103b2887
-
SHA1
d95fde52d8442d444573ce294c9e2754035db474
-
SHA256
01691572fea435c657ac244e6afe7f6bc6d4c1441e7d1ea0479be5f8f3c7d8be
-
SHA512
e2ca91062ada9bc59183aec015dacb2d6920e98b96e0de04006825fdbd712fbce08bebe113e9697366691be2a7d0506d9ae28e2c38a0c557fba6cc09e693090f
-
SSDEEP
12288:5cftDFBM7bP8sWVvkmRPp+nyQTHVKSXbBEMSfgelvN/Fb:+fPBMnE7ccEXbtCvT
Static task
static1
Behavioral task
behavioral1
Sample
Order quantity#1200_2400_3600pcs.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Order quantity#1200_2400_3600pcs.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: mail.gtpv.online
Port: 587
Username: [email protected]
Password: 7213575aceACE@@
Email To: [email protected]
Targets
-
-
Target
Order quantity#1200_2400_3600pcs.exe
-
Size
819KB
-
MD5
0cd1071e0f79705e1dc57e76bc1abbe5
-
SHA1
2485e562e9bb0f234f21d176066a0c17670aaf25
-
SHA256
ed887c9d6b4326d2dde59eb42f1f8d0a6f274cfb690c1013f318a45aea5d3ac6
-
SHA512
6073b0ababa1d92b341002c4a61ebd378b13cbe27ea115aa79581c06798c7837cc909a5d42cb92dafd187059d649693f2601d2342142101cec9f6aadc40c88d7
-
SSDEEP
12288:0jvtDL3M7b58soVv4mRPrg5MCao3AiqLwgDK7Pw0W:0jvV3Mn2jgQo3A9L27Pw0W
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-