General
- Target: 555a160f2077ef6393d91dc0c0a2b706aacc306a3d03d9d5bdb35bdbdbcc61c7
- Size: 578KB
- Sample: 250109-cpp1dswngj
- MD5: 046af4ab61d1f840d9e101bb04276833
- SHA1: e7f180a059efa940507cd07d4b28187d3f840cf9
- SHA256: 555a160f2077ef6393d91dc0c0a2b706aacc306a3d03d9d5bdb35bdbdbcc61c7
- SHA512: 785d487407e858a5268c7f53802f8228ddbf7a96c5eadf592422b7510ee0920e498d653411006cc746ae27bb902655bf31ecf9ca06123e1af93472a38582743a
- SSDEEP: 12288:irW2Dkm2+G1F/7Usk7QIC+Vf5cxWdSMrIcEVsjz4VVNv3f:f2J5G1NUslIC+VBcitIcRz4V/vP
Static task: static1

Behavioral task: behavioral1
- Sample: RFQ SHEET PX2 MULE25 SHENZHEN LUCKY.exe
- Resource: win7-20240729-en

Behavioral task: behavioral2
- Sample: RFQ SHEET PX2 MULE25 SHENZHEN LUCKY.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted: vipkeylogger
- Protocol: smtp
- Host: mail.gtpv.online
- Port: 587
- Username: [email protected]
- Password: 7213575aceACE@@
- Email To: [email protected]
Targets
- Target: RFQ SHEET PX2 MULE25 SHENZHEN LUCKY.exe
- Size: 1.0MB
- MD5: 16b502d5e12936ef986ccf61ea9a2f77
- SHA1: 96129f50be1e6e43dcc166122a1391748a6c5d62
- SHA256: 615be2fbf9581924f6e94a7b59e769c89d25d81bbdc6eba61cec4ef0c29d0cc1
- SHA512: 45f3fa80119dc01bfa57a3d5c1eac8ce407afcb173c1d525213acaa9e843324c5e4b0842f65f4659daec4920ee804b4868fb0f08f095b1f766028eb4431f5b5e
- SSDEEP: 24576:qUS8CVo3A9Lc7PYKKCMpCcUsVEvfJFLIs7Q:eji4cDYEMgB0p
- Score: 10/10
- VIPKeylogger: VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.
- Vipkeylogger family
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext