General
-
Target
MARTINMaintainacespareparts.exe
-
Size
1.1MB
-
Sample
250203-rn6zvavpdn
-
MD5
49a5c0a73b3c2e815bc7c96e1a6734d4
-
SHA1
de50936b1bc6e4a2ecb3b0e02afe504004ad8bd8
-
SHA256
d38b46579ea8db2c90865037a8756401bbb18a41dd1fb494b3f18d98299cf88e
-
SHA512
ee6f58e6722fb0b85a50c50a32108264a928788f04ff73d78e6f73a3134e663fd34cf3ea873d9b1838c1b0231396ddc38f99ef3d4a90a40c24b90d3673cec0ab
-
SSDEEP
24576:UAHnh+eWsN3skA4RV1Hom2KXFmIaPfGzdbraePuNZUE5:jh+ZkldoPK1XaPfIdbraePmz
Static task
static1
Behavioral task
behavioral1
Sample
MARTINMaintainacespareparts.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
MARTINMaintainacespareparts.exe
Resource
win10v2004-20250129-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot8043603189:AAFpR2ormgQgQpP5aDirNgZd72aHXUsGdlI/sendMessage?chat_id=2135869667
Targets
-
-
Target
MARTINMaintainacespareparts.exe
-
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.
-
Vipkeylogger family
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-