General
Target: Urgent payment request 【紧急付款请求.exe
Size: 992KB
Sample: 250130-jw5gzsvphs
MD5: a236ea4360f7d7233b98bb87b032f067
SHA1: 7914eb53d0f98ba312b2494ac218b15779465062
SHA256: 8374c0f3cbe0440e2a5d84237360a4f4930a939e8f16655fb53ddfe9f8fd91fe
SHA512: fe5bc1e574d4b758f2afc4d309528252883eb3b521d33c7257c280aea530cfdc3ba1721993a9a399f6132a8f4c79b54aa75f2bbf6f6728fe5954818bbbcded85
SSDEEP: 24576:VAHnh+eWsN3skA4RV1Hom2KXFmIamxbR2exm1j5:Eh+ZkldoPK1XamxFe
Static task: static1
Behavioral task: behavioral1
  Sample: Urgent payment request 【紧急付款请求.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: Urgent payment request 【紧急付款请求.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted (vipkeylogger):
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: [email protected]
  Password: Global786@
  Email To: [email protected]
  Telegram API URL: https://api.telegram.org/bot8066712820:AAEAb01u8B6eDO5xCMdAz6XCOHC_L2RpVGo/sendMessage?chat_id=7667424178
Extracted:
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: [email protected]
  Password: Global786@
Targets
Score: 10/10
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
Vipkeylogger family
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext