General
Target: 0e5a94ce2ca28a97193426a16cae17cb282f5484aab944b2a90060e2d84fb0d8N.exe
Size: 947KB
Sample: 250112-zj32ds1lhm
MD5: a3b930d818008118d4a1c0a055ca5210
SHA1: 631640062da01787484d2677c15b89948997def8
SHA256: 0e5a94ce2ca28a97193426a16cae17cb282f5484aab944b2a90060e2d84fb0d8
SHA512: 45562b51dac125aba163604c191076cbc9b849294b6d0f81b9017a3d646c913d9e861a9429a2298f611766c0a260642b7459789fb104f3bd3613bd8ea42375ff
SSDEEP: 24576:eMaSSKy2/SPNtqqR4tWOb780ySppfysKP:eRQGObXySppfyR
Static task: static1
Behavioral task: behavioral1
Sample: 0e5a94ce2ca28a97193426a16cae17cb282f5484aab944b2a90060e2d84fb0d8N.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 0e5a94ce2ca28a97193426a16cae17cb282f5484aab944b2a90060e2d84fb0d8N.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: mail.aruzen.co.in
Port: 587
Username: logistics@aruzen.co.in
Password: Pawsad-xovwut-2zoxso
Email To: stefano.clemente-memoryworld@wstceh.com
Targets
Target: 0e5a94ce2ca28a97193426a16cae17cb282f5484aab944b2a90060e2d84fb0d8N.exe
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

Vipkeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext