General
-
Target
42A09E735691F947B7CC6D8F9A9CEBBF9E87AC1FC2CBD0A4F0AA2B1B9EB4262C
-
Size
1.1MB
-
Sample
250103-jpd2fsvlbw
-
MD5
af543f56f1a0b6d5ee124d57a2ecde49
-
SHA1
1d500618b4bff325779ae55036fd98ce45512451
-
SHA256
42a09e735691f947b7cc6d8f9a9cebbf9e87ac1fc2cbd0a4f0aa2b1b9eb4262c
-
SHA512
0e8361c3692543a39044b01a1aa00238f765a4ca0eee336674fce7489f36e1cf59607541bbe82de1e848b76f57cd88d78176e53039981ab2caf08884b91a6f4c
-
SSDEEP
24576:bAHnh+eWsN3skA4RV1Hom2KXMmHaQnoDWRioEwfnYptP5:2h+ZkldoPK8YaQoDWRVQ
Static task
static1
Behavioral task
behavioral1
Sample
42A09E735691F947B7CC6D8F9A9CEBBF9E87AC1FC2CBD0A4F0AA2B1B9EB4262C.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
42A09E735691F947B7CC6D8F9A9CEBBF9E87AC1FC2CBD0A4F0AA2B1B9EB4262C.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Extracted
Protocol: smtp
Host: mail.watertechengineers.com
Port: 587
Username: [email protected]
Password: Techno@1234
Targets
-
-
Target
42A09E735691F947B7CC6D8F9A9CEBBF9E87AC1FC2CBD0A4F0AA2B1B9EB4262C
-
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-