General
-
Target
dad545332098b6ac9a495579eec0908008903ecfb86365eff0711b3d93bdd4da.exe
-
Size
1.2MB
-
Sample
250203-edtwbayrbv
-
MD5
a5956a0bd4e775a24f37a8aec90f298c
-
SHA1
ca31450f5809e212efb6c8036b5d1e974fcaa34e
-
SHA256
dad545332098b6ac9a495579eec0908008903ecfb86365eff0711b3d93bdd4da
-
SHA512
38e56810020c455634c8143bafe08c34f09f1994a18796a24b1b6ef33728062d7a9c4ecfb573b57a7c284817448f8b3ff45cdd1b54bf5babf9507e097703f58a
-
SSDEEP
24576:OA9km6k/IwRYbiBeKGC3Ttf4CVmOdorsVRmUq83:f9sk/IRUnjtfVor6F
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7057659630:AAFimyTDK97bk--tGx0V9NZ3l1ggFNh71Fc/sendMessage?chat_id=6898292898
Targets
-
-
Target
dad545332098b6ac9a495579eec0908008903ecfb86365eff0711b3d93bdd4da.exe
-
Size
1.2MB
-
MD5
a5956a0bd4e775a24f37a8aec90f298c
-
SHA1
ca31450f5809e212efb6c8036b5d1e974fcaa34e
-
SHA256
dad545332098b6ac9a495579eec0908008903ecfb86365eff0711b3d93bdd4da
-
SHA512
38e56810020c455634c8143bafe08c34f09f1994a18796a24b1b6ef33728062d7a9c4ecfb573b57a7c284817448f8b3ff45cdd1b54bf5babf9507e097703f58a
-
SSDEEP
24576:OA9km6k/IwRYbiBeKGC3Ttf4CVmOdorsVRmUq83:f9sk/IRUnjtfVor6F
Score10/10-
Modifies Windows Defender DisableAntiSpyware settings
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-