General
-
Target
7dc7eac0c3b1dfbd5f94c1867ef65fae42d798cf5f9402f139fb23042227936c.exe
-
Size
912KB
-
Sample
250119-w1jgjazlfz
-
MD5
7e8451251480373be32c84a49e35d465
-
SHA1
1424f567a5ab33cec73497089351e2407a9f6d8d
-
SHA256
7dc7eac0c3b1dfbd5f94c1867ef65fae42d798cf5f9402f139fb23042227936c
-
SHA512
2f191380b2990a6325f4a47621e9777238addbe673066a632d91129089c53d8426134a65cd5801827aa33158b554c507dd4b129ea3b689119a45a95adb025951
-
SSDEEP
12288:Bh/GTyWXV7OQ9/3hsefkTl9QrBjDiDnt+nnF24polvxjJKWIekwZGot4Go3NKm5d:BhexOQ9HfkTHQ9vynCnF2fsYHM0TL2/
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.puragenicindia.com - Port:
587 - Username:
[email protected] - Password:
Tt83LN,]V)@{ - Email To:
[email protected]
Targets
-
-
Target
7dc7eac0c3b1dfbd5f94c1867ef65fae42d798cf5f9402f139fb23042227936c.exe
-
Size
912KB
-
MD5
7e8451251480373be32c84a49e35d465
-
SHA1
1424f567a5ab33cec73497089351e2407a9f6d8d
-
SHA256
7dc7eac0c3b1dfbd5f94c1867ef65fae42d798cf5f9402f139fb23042227936c
-
SHA512
2f191380b2990a6325f4a47621e9777238addbe673066a632d91129089c53d8426134a65cd5801827aa33158b554c507dd4b129ea3b689119a45a95adb025951
-
SSDEEP
12288:Bh/GTyWXV7OQ9/3hsefkTl9QrBjDiDnt+nnF24polvxjJKWIekwZGot4Go3NKm5d:BhexOQ9HfkTHQ9vynCnF2fsYHM0TL2/
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-