General
-
Target
12B5956BEDC7C8E90F93616E91346B481754F0347BCD2CDDD98C770BB143A92B
-
Size
1.3MB
-
Sample
250103-jn857svlav
-
MD5
850b1ff6b75f4422ad65d04ce4355ad0
-
SHA1
5dd4b213e8c9e0bea6459c6955637019a6e1255d
-
SHA256
12b5956bedc7c8e90f93616e91346b481754f0347bcd2cddd98c770bb143a92b
-
SHA512
2e64488e2bdc393496e5417d3b5fbd8c7c98d732e7b4c4f5eeff669ec46d463aeb9366e57d4763e92ee85a977b105832c3c15460cff18e0c8fda391699ffcf51
-
SSDEEP
24576:sRmJkcoQricOIQxiZY1iaQwiRv+PqpjMpIq4YDjX3mZsIHh:5JZoQrbTFZY1iaQ5v+PqKpbfvX3/IB
Static task
static1
Behavioral task
behavioral1
Sample
12B5956BEDC7C8E90F93616E91346B481754F0347BCD2CDDD98C770BB143A92B.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
12B5956BEDC7C8E90F93616E91346B481754F0347BCD2CDDD98C770BB143A92B.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
- Protocol: smtp
- Host: mail.jhxkgroup.online
- Port: 587
- Username: [email protected]
- Password: 7213575aceACE@@
- Email To: [email protected]
Targets
-
Target
12B5956BEDC7C8E90F93616E91346B481754F0347BCD2CDDD98C770BB143A92B
-
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Vipkeylogger family
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-