General
Target: 25012025_0225_23012025_Payment Advice - Advice Ref[A22D4YdWsbE4].pdf.z
Size: 867KB
Sample: 250125-cwbrcaskhn
MD5: 4d923ca5f725d9b58b9ecd822f5e3cad
SHA1: 216e3e1806ee96ac742402d0cfd796848c5cdf94
SHA256: b90b66659c0c9c2356fcaa39603b26d85468478eb9761a28d73458105b4d18ce
SHA512: 6b16c49fb663fffc561a1cd37b3ba70034640714514de1a7edc2ddf52fe957bc989db59c51b3a633e283c7448628348b5a4c8d896833659a56ae93d63dae13ea
SSDEEP: 12288:4sNx+QKbK8kIyYCedTnjjZ4UFe4WPVnhtE1V+AxozLjqeTeCm9ZZcrAxTl7QdlNp:4U+Q7KyXetJrsl9n7q+J/T/eDQdlNp
Static task: static1
Behavioral task: behavioral1
  Sample: Payment Advice - Advice Ref[A22D4YdWsbE4].exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: Payment Advice - Advice Ref[A22D4YdWsbE4].exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted (vipkeylogger)
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: [email protected]
  Password: cash@com12345
  Email To: [email protected]
Extracted
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: [email protected]
  Password: cash@com12345
Targets
Target: Payment Advice - Advice Ref[A22D4YdWsbE4].exe
Size: 1.2MB
MD5: 09c8438a2c2fa294c281cb2fc46b963c
SHA1: 5aa193733bcb444115799133aa589d819524597e
SHA256: f6dea5d012caf182412ad12f185143c5e9d35a46c8ad183dbb7566570fccda41
SHA512: d815af68e5c89b1bb89e58faf04d9ae2561d8adf0d22232cd906fc567a3aa65d47804f87e63495e04d3949a4a04e4516637022deb131af24f90c99d4edc34a34
SSDEEP: 24576:uRmJkcoQricOIQxiZY1iaCsjX5QAGvNR+S/W0Jvd4qYW/A:7JZoQrbTFZY1iaCQXCZbFu0Jvd4qYl
Score: 10/10
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.
- Vipkeylogger family
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext