General
- Target: z1AirWaybill-S2500465961.exe
- Size: 1004KB
- Sample: 250130-egpqrsyjfz
- MD5: ba35d2938edbd08e3bee99a3f0342ecf
- SHA1: c7bb7862db05dd181a6d0df1c6cf85333cf9606e
- SHA256: 35c15f0e2e558228afbff51b637bfd6e206c0d388a9296590b08d0b64bc6297a
- SHA512: a600b0af55fc26adb07b1c1dfa69c719a519a97146651a8e2fa8e96c4d77fd2babc15d0f2f95bedca6351f5afbe5d75b4feb3a2aeb979f24cda31a63d4a71558
- SSDEEP: 24576:VAHnh+eWsN3skA4RV1Hom2KXFmIaoiQtWUNTC5:Eh+ZkldoPK1XaoicLk
Static task
- static1
Behavioral task
- behavioral1: z1AirWaybill-S2500465961.exe on win7-20241023-en
Behavioral task
- behavioral2: z1AirWaybill-S2500465961.exe on win10v2004-20250129-en
Malware Config
Extracted (vipkeylogger; a second, family-untagged SMTP extraction returned the same host, port, username and password)
- Protocol: smtp
- Host: mail.npmmachinery.com
- Port: 587
- Username: [email protected]
- Password: ^@SC}ST5oCG-
- Email To: [email protected]
The sample exfiltrates over authenticated SMTP submission (TCP/587) using a mailbox on the attacker-controlled or compromised domain above; the credentials are hard-coded in the binary, so the mailbox and its password are actionable indicators in their own right.
Targets
- Target: z1AirWaybill-S2500465961.exe
- Size: 1004KB
- MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General
- Score: 10/10
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, first seen in 2020.
- Vipkeylogger family
- Accesses Microsoft Outlook profiles
  Reads stored Outlook account settings, a common source of saved mail credentials for stealers.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP, typically so the victim's public address can be included in the exfiltrated report.
- Suspicious use of SetThreadContext
  SetThreadContext on a thread of another process is a common step in process hollowing and injection; the payload may therefore run under a different process name than the dropped file.
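The extracted config and the behavioural signatures above describe a short, detectable chain: an HTTP request to an external-IP lookup service followed by an SMTP submission connection (TCP/587) to mail.npmmachinery.com. The following detection sketch is an added example, not part of the sandbox report: it parses constructed Sysmon-style network events and flags a process that performs that chain, and, at lower severity, any process that contacts the exfil host on 587 at all. The IP-lookup service names, the log line format, the process IDs and the image paths are assumptions made for the example; only the host and port come from the page.

```python
"""Flag the VIPKeylogger exfil chain (external-IP lookup, then SMTP to the
configured mail host) over constructed network events. Added example."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Exfiltration endpoint taken from the extracted config on this page.
EXFIL_HOSTS = {"mail.npmmachinery.com"}
EXFIL_PORTS = {587}
# External-IP lookup services. The report does not name the service the sample
# queries, so these are placeholder names (assumption); replace them with the
# lookup services seen in your own telemetry.
IP_LOOKUP_HOSTS = {"checkip.example.net", "ipinfo.example.org"}
# Maximum gap between the IP lookup and the SMTP connection for one chain.
WINDOW = timedelta(minutes=5)

# Constructed, Sysmon-style network events (not output from the sandbox run).
SAMPLE_EVENTS = [
    r"2025-01-30T10:00:01Z pid=4120 image=C:\Users\victim\AppData\Local\Temp\z1AirWaybill-S2500465961.exe dst=checkip.example.net:80",
    r"2025-01-30T10:00:03Z pid=4120 image=C:\Users\victim\AppData\Local\Temp\z1AirWaybill-S2500465961.exe dst=mail.npmmachinery.com:587",
    r"2025-01-30T10:01:00Z pid=2200 image=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE dst=outlook.office365.com:443",
    r"2025-01-30T10:02:00Z pid=3300 image=C:\Windows\System32\svchost.exe dst=checkip.example.net:80",
    r"2025-01-30T10:20:00Z pid=5100 image=C:\Users\victim\AppData\Roaming\updater.exe dst=mail.npmmachinery.com:587",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) image=(?P<image>.+?) dst=(?P<host>[^:\s]+):(?P<port>\d+)$"
)


@dataclass(frozen=True)
class NetEvent:
    ts: datetime
    pid: int
    image: str
    dest_host: str
    dest_port: int


def parse_event(line: str) -> NetEvent:
    """Parse one 'ts pid=.. image=.. dst=host:port' line into a NetEvent."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable event: {line!r}")
    return NetEvent(
        ts=datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        pid=int(m["pid"]),
        image=m["image"],
        dest_host=m["host"].lower(),
        dest_port=int(m["port"]),
    )


def is_exfil_smtp(e: NetEvent) -> bool:
    return e.dest_host in EXFIL_HOSTS and e.dest_port in EXFIL_PORTS


def is_ip_lookup(e: NetEvent) -> bool:
    return e.dest_host in IP_LOOKUP_HOSTS


def find_exfil_chains(events: list[NetEvent]) -> list[dict]:
    """Per process, pair each SMTP connection to the exfil host with the most
    recent external-IP lookup. A lookup within WINDOW makes the finding 'high';
    an SMTP connection to the exfil host on its own is still 'medium', because
    the host itself is an indicator. An IP lookup alone is not reported (it is
    benign on its own, as svchost.exe in the sample shows)."""
    by_pid: dict[int, list[NetEvent]] = defaultdict(list)
    for e in events:
        by_pid[e.pid].append(e)

    findings = []
    for pid, evs in by_pid.items():
        evs.sort(key=lambda ev: ev.ts)
        last_lookup = None
        for e in evs:
            if is_ip_lookup(e):
                last_lookup = e
            elif is_exfil_smtp(e):
                chained = last_lookup is not None and e.ts - last_lookup.ts <= WINDOW
                findings.append({
                    "pid": pid,
                    "image": e.image,
                    "smtp_ts": e.ts,
                    "lookup_host": last_lookup.dest_host if chained else None,
                    "severity": "high" if chained else "medium",
                })
    return findings


def scan(lines: list[str]) -> list[dict]:
    return find_exfil_chains([parse_event(l) for l in lines])


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f["severity"], f["pid"], f["image"], "lookup:", f["lookup_host"])
```

Key the rule on the destination host and port rather than on the image name: the SetThreadContext signature means the sending process may be a hollowed host process rather than the dropped executable, as the pid 5100 event in the constructed data illustrates.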