General
Target: New Order rar.exe
Size: 1.0MB
Sample: 250128-rhtsbs1lbz
MD5: e4cc85da5b098fe9332ff8a99be5bf5c
SHA1: 6824234c6701eb0d89bb0ea664f8e9aecc01c2a5
SHA256: e47486f4fec646f2e17005349fa8ace874ed5ec254f12e7633691a4d19e9bc6d
SHA512: f9dc7a45895bc82e23ed1693cc67a94dc8fad4a1fc216f1760ecd299df1563f1136c4d690a1695b5db98e47110aab27e009624c14377ae378064f776fc423814
SSDEEP: 24576:FAHnh+eWsN3skA4RV1Hom2KXFmIafHdq0En4QZeenwB5:0h+ZkldoPK1Xaf9q0EV6
Static task: static1
Behavioral task: behavioral1
Sample: New Order rar.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: New Order rar.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: mail.npmmachinery.com
Port: 587
Username: [email protected]
Password: ^@SC}ST5oCG-
Email To: [email protected]
Extracted
Protocol: smtp
Host: mail.npmmachinery.com
Port: 587
Username: [email protected]
Password: ^@SC}ST5oCG-
Targets
Target: New Order rar.exe
Score: 10/10
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
Vipkeylogger family
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext