General
-
Target
29807b7bbe150c4005266b07919615984fcc9dec19052ae262374635024c9e2b.exe
-
Size
747KB
-
Sample
241224-de8keszqhj
-
MD5
723e8d7420209e5658d32ebeaea45b9c
-
SHA1
1fab08989ece01ecd3f485d33a921dd553ccc393
-
SHA256
29807b7bbe150c4005266b07919615984fcc9dec19052ae262374635024c9e2b
-
SHA512
bd1bb8ee484f3d0768ce1afdbc4091e168613f0d162142f8fbf916bbcf5e5e40f43fecf1452976baf898abe4077db184efda918bbedc472016953fb7f6e470e4
-
SSDEEP
12288:hDGZKmormA1WTNBX5CN/8DCYz1JqAxQJuPLaDbguIsFFfDF/dvJimLQrU+UvdmBp:vmor/1WNBYN/iXqAxQJW0kTsF/im/mBp
Static task
static1
Behavioral task
behavioral1
Sample
29807b7bbe150c4005266b07919615984fcc9dec19052ae262374635024c9e2b.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
29807b7bbe150c4005266b07919615984fcc9dec19052ae262374635024c9e2b.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7745751910:AAGY46QDCTWO_Pw9iDqZhkNij-i4uwbMgzE/sendMessage?chat_id=7695061973
Targets
-
Target
29807b7bbe150c4005266b07919615984fcc9dec19052ae262374635024c9e2b.exe
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Vipkeylogger family
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Blocklisted process makes network request
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
6KB
-
MD5
1b0e41f60564cccccd71347d01a7c397
-
SHA1
b1bddd97765e9c249ba239e9c95ab32368098e02
-
SHA256
13ebc725f3f236e1914fe5288ad6413798ad99bef38bfe9c8c898181238e8a10
-
SHA512
b6d7925cdff358992b2682cf1485227204ce3868c981c47778dd6da32057a595caa933d8242c8d7090b0c54110d45fa8f935a1b4eec1e318d89cc0e44b115785
-
SSDEEP
96:s7fhfKaGgchPzxK6bq+pKX6D8ZLidGgmkN838:UbGgGPzxeX6D8ZyGgmkN
Score
3/10