General
Target: Sigmanly_ab21f04dfff9067abc07e8bc80e5d3b3450b8891dffe53f58034c1c7ad51ed55
Size: 532KB
Sample: 250203-tedm2sxmhr
MD5: 23ad078999fb9901917f9f7bde5fe6cd
SHA1: db5dee45dc3a25091ae455a49db41cdba70dd8cc
SHA256: ab21f04dfff9067abc07e8bc80e5d3b3450b8891dffe53f58034c1c7ad51ed55
SHA512: 3592957d287cb1a91ca67e53b4737559e43456bc28d09de43e5d9f61cfb96f68ceb5ab653f4e207e94fe4bddd97d0814996b6c32fc7d99b69c09f5b5c01363e2
SSDEEP: 12288:uYV6MorX7qzuC3QHO9FQVHPF51jgco+UAex8WzBUhe:NBXu9HGaVHJex8Sx
Behavioral task: behavioral1
Sample: Sigmanly_ab21f04dfff9067abc07e8bc80e5d3b3450b8891dffe53f58034c1c7ad51ed55.exe
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: Sigmanly_ab21f04dfff9067abc07e8bc80e5d3b3450b8891dffe53f58034c1c7ad51ed55.exe
Resource: win10v2004-20250129-en
Malware Config
Extracted
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: Global786@

Extracted
Family: vipkeylogger
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: Global786@
Email To: [email protected]
https://api.telegram.org/bot8066712820:AAEAb01u8B6eDO5xCMdAz6XCOHC_L2RpVGo/sendMessage?chat_id=7667424178
Targets
Target: Sigmanly_ab21f04dfff9067abc07e8bc80e5d3b3450b8891dffe53f58034c1c7ad51ed55
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.
- Vipkeylogger family
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext