General
-
Target
GPL - INQUIRY-HQ242654.exe
-
Size
937KB
-
Sample
250120-s8rlbsxjbj
-
MD5
bc7baa033dff24e20cf7180039f730f1
-
SHA1
e63aa08c5ff536cc60859e76223405a83d15af25
-
SHA256
ff8b7e1dd30b48c8c2144509dbf84b3103160a4fd8dcdb4341a782eb60592f0e
-
SHA512
88a9768b65c0d6b7af3f29c4e8b2326ad38f1866445e11ccf7d9deeb97669e3514519226c881e07aaf6f335f4ad4de462a1f3a3e56446fa659e1ec3700e75715
-
SSDEEP
24576:0thEVaPqLqn8vgIiregw+cVizAKDupFZZoJSyIU8is:IEVUcXVfPVWSxnis
Malware Config
Extracted
Protocol: smtp- Host:
mail.vvtrade.vn - Port:
587 - Username:
[email protected] - Password:
qVyP6qyv6MQCmZJBRs4t
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.vvtrade.vn - Port:
587 - Username:
[email protected] - Password:
qVyP6qyv6MQCmZJBRs4t - Email To:
[email protected]
https://api.telegram.org/bot7323823089:AAFBRsTW94zIpSoDS8yfGsotlQLqF2I6TU0/sendMessage?chat_id=5013849544
Targets
-
-
Target
GPL - INQUIRY-HQ242654.exe
-
Size
937KB
-
MD5
bc7baa033dff24e20cf7180039f730f1
-
SHA1
e63aa08c5ff536cc60859e76223405a83d15af25
-
SHA256
ff8b7e1dd30b48c8c2144509dbf84b3103160a4fd8dcdb4341a782eb60592f0e
-
SHA512
88a9768b65c0d6b7af3f29c4e8b2326ad38f1866445e11ccf7d9deeb97669e3514519226c881e07aaf6f335f4ad4de462a1f3a3e56446fa659e1ec3700e75715
-
SSDEEP
24576:0thEVaPqLqn8vgIiregw+cVizAKDupFZZoJSyIU8is:IEVUcXVfPVWSxnis
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Drops startup file
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-