General
-
Target
590223ec6542c663523d1e7c50a56a4520b6e97d44460fcf8221a60162ae4522
-
Size
530KB
-
Sample
250127-pz2hdsypew
-
MD5
b152959129f8c8dcdcfde016dd0eb559
-
SHA1
3b2154527fab6820a763090b819c6e6dafefa22e
-
SHA256
590223ec6542c663523d1e7c50a56a4520b6e97d44460fcf8221a60162ae4522
-
SHA512
4a27b82a77c9352a6311c6690a1b7b25f1ea8b70ca765a4548c2336ea432b3e68ffecf1da2bd3053718fe6a1247b261303d6f6a99845d0def5a98b12bc5d834c
-
SSDEEP
12288:Smbvh3HKKkQrMrWo2+YAo4dlzejyxlxNvCLURQ9:SiJHKKknrTvYn4rz0aZvqME
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.npmmachinery.com - Port:
587 - Username:
[email protected] - Password:
^@SC}ST5oCG- - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.npmmachinery.com - Port:
587 - Username:
[email protected] - Password:
^@SC}ST5oCG-
Targets
-
-
Target
Global Chem List 1.27.25.exe
-
Size
827KB
-
MD5
6f41fbaa7470af3cc1c6194d997b63d6
-
SHA1
9d10a3b0bf95d04c4834ebf380f22b7ad088c41e
-
SHA256
a62c7c9c769aa4ffdd8729d5b5c688b1ef831be21d64247d75e7285d86e78af4
-
SHA512
316df40ccb2cb77fc825f74e18ec03579211978438bfb8ab88e394d2d5f6008ae565efcba3dc52879c3953e90d930d788df3b2b78d14045ced315e48279f4cc7
-
SSDEEP
12288:ehkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aCpeVyxldN/CLgUQr:uRmJkcoQricOIQxiZY1iaCpcap/q3G
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-