General
-
Target
Shipping Documents-180225 WP21BZ059.exe
-
Size
1.9MB
-
Sample
250221-kjamhsxnbw
-
MD5
679da76a671452de2f13a1585028e74e
-
SHA1
e89c5b5d3b31025710714c14955d22820e2ed493
-
SHA256
44095f79a9e682a29ed75fab33f6dcf1e2f11937097e4c7e3f84080ff7444048
-
SHA512
e21d43f7bbfd77ce1fdccf438655385ee1efd026f29adba0c1e979186de0b28b8495c97ed4e89b9324d484b0db4ce9c9e5d29964d4df395be54f6477d086959c
-
SSDEEP
24576:SUeQg2PvNPjxiF1LeVFJ03GDJuwAP3OED/NSq66+0wZPK8FbqFnAYJytaEVarmmI:tNrxiHUJK8lAP3vD/A0uC8tBcytaeXd
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.iaa-airferight.com - Port:
25 - Username:
[email protected] - Password:
moneyismade22 - Email To:
[email protected]
Targets
-
-
Target
Shipping Documents-180225 WP21BZ059.exe
-
Size
1.9MB
-
MD5
679da76a671452de2f13a1585028e74e
-
SHA1
e89c5b5d3b31025710714c14955d22820e2ed493
-
SHA256
44095f79a9e682a29ed75fab33f6dcf1e2f11937097e4c7e3f84080ff7444048
-
SHA512
e21d43f7bbfd77ce1fdccf438655385ee1efd026f29adba0c1e979186de0b28b8495c97ed4e89b9324d484b0db4ce9c9e5d29964d4df395be54f6477d086959c
-
SSDEEP
24576:SUeQg2PvNPjxiF1LeVFJ03GDJuwAP3OED/NSq66+0wZPK8FbqFnAYJytaEVarmmI:tNrxiHUJK8lAP3vD/A0uC8tBcytaeXd
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-