General
-
Target
abc310a513d02735786554a683127b642cc1ea3394ae0041e04861d346518592
-
Size
743KB
-
Sample
241224-pww4haxmgz
-
MD5
3e392fae4cae38570e584f88bfd0ee2f
-
SHA1
0e8888c772a775bda245be93f933fa3a40012b57
-
SHA256
abc310a513d02735786554a683127b642cc1ea3394ae0041e04861d346518592
-
SHA512
0ed79b73ff090e009fb343ef62883736ca961a208be8e88656b26f70e4a8f66172ff53f7c9aab50b77bdc31340115167bcfaa90b6cadb65534d23099443f2ea7
-
SSDEEP
12288:4+cSI3+fJtiIblugCIGiIlXtGkfTaPW+117cdkYIBOQLC7rDGUqQJrK+Cwy7PBe0:Q+igBpJIGkraPWCmIhLCDGUqUty7peYv
Static task
static1
Behavioral task
behavioral1
Sample
Printernummers.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
Printernummers.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20241023-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot8179583980:AAG4cdQWaAviOBBhSs3OrT1OX6_IUptNQv8/sendMessage?chat_id=6070006284
Targets
-
Target
Printernummers.exe
-
Size
770KB
-
MD5
5e2ff1914fc1f8ebadf282f4096d6fc8
-
SHA1
77d61bdf0ce63eed5324b56623b878fc3dc79890
-
SHA256
f5f3c3a8c7f9f5fb9531fa0d57012ce0869b52b23d05e6c9b7a0220ac917db6d
-
SHA512
e70121837b94ba002dc2093afcebed4ec1d3f90d46d1466fe66e4f0bd16a9426d58547946ef7f420c937017deb650c5705c7792f6047de68918f018b7ec4d916
-
SSDEEP
12288:6DGZKmormA1FvvLR3x8rqDFXlo3KsAYzjDCwonXnWMIk2CyLuuOSFBPpJh/gpcXF:4mor/1t8uTooHNnXWMIdCkOqXPgKP9
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Vipkeylogger family
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Blocklisted process makes network request
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
6KB
-
MD5
1b0e41f60564cccccd71347d01a7c397
-
SHA1
b1bddd97765e9c249ba239e9c95ab32368098e02
-
SHA256
13ebc725f3f236e1914fe5288ad6413798ad99bef38bfe9c8c898181238e8a10
-
SHA512
b6d7925cdff358992b2682cf1485227204ce3868c981c47778dd6da32057a595caa933d8242c8d7090b0c54110d45fa8f935a1b4eec1e318d89cc0e44b115785
-
SSDEEP
96:s7fhfKaGgchPzxK6bq+pKX6D8ZLidGgmkN838:UbGgGPzxeX6D8ZyGgmkN
Score
3/10