General
-
Target
eadcb6ea284444fdf72e7fa141be4a0d9d61d5bdd95bdb353e12c507915de1f8.exe
-
Size
1.0MB
-
Sample
250110-sc3zgszpbp
-
MD5
44f0ea32a5acf017acf1d2a595c615f1
-
SHA1
ef36981f3271cf8c1a4b16a86b3d5f232337bb93
-
SHA256
eadcb6ea284444fdf72e7fa141be4a0d9d61d5bdd95bdb353e12c507915de1f8
-
SHA512
b922afcafefd047e319dc2b4806bd9846b4b4b482ee17cb200ab581d2ccf35138cd0e264ace05d6a284b3d1cf176f9ebd886c45e2a7e3f58e6f34b8b6c614e2c
-
SSDEEP
24576:0qDEvCTbMWu7rQYlBQcBiT6rprG8aDHikw:0TvC/MTQYxsWR7aDHik
Static task
static1
Behavioral task
behavioral1
Sample
eadcb6ea284444fdf72e7fa141be4a0d9d61d5bdd95bdb353e12c507915de1f8.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
eadcb6ea284444fdf72e7fa141be4a0d9d61d5bdd95bdb353e12c507915de1f8.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: mail.acadental.com
Port: 587
Username: [email protected]
Password: Dental9201$
Email To: [email protected]
Extracted
Protocol: smtp
Host: mail.acadental.com
Port: 587
Username: [email protected]
Password: Dental9201$
Targets
-
-
Target
eadcb6ea284444fdf72e7fa141be4a0d9d61d5bdd95bdb353e12c507915de1f8.exe
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Vipkeylogger family
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-