General
-
Target
b74c353c7f406d3c7c9da4177fe9943025c777043ace9bad04f00afb54d5eff4.vbs
-
Size
26KB
-
Sample
250221-eh8j9sskfz
-
MD5
b5e502531a1b2831f619d00155c060fb
-
SHA1
537eef317221bac726a61558673d849cacd9d7b0
-
SHA256
b74c353c7f406d3c7c9da4177fe9943025c777043ace9bad04f00afb54d5eff4
-
SHA512
619c2a6fd05b61f6c76a2d0decae6c655c55587df2194e7e66325eee26b94f8cca3c97a405bad2882360ff5c793f53350b30b4916ab93303671131620a8cce96
-
SSDEEP
384:PeakpsZlGIoRS0mgqt4eQ3urB53TIPmrRHiXkHWAFcqnRCbj8L849P3:PeaDZlGeRViul53TIY4QxFdnRCuf
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.gtpv.online - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@@ - Email To:
[email protected]
Targets
-
-
Target
b74c353c7f406d3c7c9da4177fe9943025c777043ace9bad04f00afb54d5eff4.vbs
-
Size
26KB
-
MD5
b5e502531a1b2831f619d00155c060fb
-
SHA1
537eef317221bac726a61558673d849cacd9d7b0
-
SHA256
b74c353c7f406d3c7c9da4177fe9943025c777043ace9bad04f00afb54d5eff4
-
SHA512
619c2a6fd05b61f6c76a2d0decae6c655c55587df2194e7e66325eee26b94f8cca3c97a405bad2882360ff5c793f53350b30b4916ab93303671131620a8cce96
-
SSDEEP
384:PeakpsZlGIoRS0mgqt4eQ3urB53TIPmrRHiXkHWAFcqnRCbj8L849P3:PeaDZlGeRViul53TIY4QxFdnRCuf
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-