General
-
Target
Receipt Copy001pdf.exe
-
Size
993KB
-
Sample
250129-qncwbsyrbv
-
MD5
5b15cda50a751110bb9c7f1fe8eb3b2f
-
SHA1
62547ae272eb9be69ad5fd565782dc569b453ec7
-
SHA256
aaee9ff9746646836f3538beea0c59fb1c83ee095023d09899238ae732bd190e
-
SHA512
d1a1157df7a54ebde01903031224dfef6cbfc548ff853cec1edfe85d1abb5472e7128e1bc1c4c0fcd8f63fb2516655780f1bdbfa2721eada862f6e8dbbfe831f
-
SSDEEP
24576:yAHnh+eWsN3skA4RV1Hom2KXFmIaMfRIHnJ1RvKr3m5:1h+ZkldoPK1XaMGHnJ1srs
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.npmmachinery.com - Port:
587 - Username:
[email protected] - Password:
^@SC}ST5oCG- - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.npmmachinery.com - Port:
587 - Username:
[email protected] - Password:
^@SC}ST5oCG-
Targets
-
-
Target
Receipt Copy001pdf.exe
-
Size
993KB
-
MD5
5b15cda50a751110bb9c7f1fe8eb3b2f
-
SHA1
62547ae272eb9be69ad5fd565782dc569b453ec7
-
SHA256
aaee9ff9746646836f3538beea0c59fb1c83ee095023d09899238ae732bd190e
-
SHA512
d1a1157df7a54ebde01903031224dfef6cbfc548ff853cec1edfe85d1abb5472e7128e1bc1c4c0fcd8f63fb2516655780f1bdbfa2721eada862f6e8dbbfe831f
-
SSDEEP
24576:yAHnh+eWsN3skA4RV1Hom2KXFmIaMfRIHnJ1RvKr3m5:1h+ZkldoPK1XaMGHnJ1srs
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-