General
-
Target
22022025_1441_21022025_quotationrequest9CR-1MOQ625323.pdf.z
-
Size
500KB
-
Sample
250222-sawsds1ndn
-
MD5
57f7823dbc25559213493c918e6cdbf7
-
SHA1
7a43886644055cdb17f7eb7b50144655f251796c
-
SHA256
411eeb09f70f1ea45f24086d5fed5ee676f9ca90eef9dd05fcb2d8298b9d7547
-
SHA512
bb5943b163abb80f4b70043da5702f1b488e9552e9b1fc4306e4589b0b6db32ebf5b7ca793f1b3ce124f10b028bee409250e6c0eabef068794318a296f2b9aaa
-
SSDEEP
12288:SNbf3tst+aMEkf+gxWl/1KE/Z3haHJWHTMWUC2i8/w0Q+qtgSXuhAJG:SZPCt+alkfXxWl/sYZTH/4iYwPsGkAJG
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
ifSg^KL6 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
ifSg^KL6
Targets
-
-
Target
quotation request 9CR-1MO (Q625323).exe
-
Size
525KB
-
MD5
d1634724e36570f459f2330d72e6c2e6
-
SHA1
950eb897d6a0714ecef206ca9852ebf4ac693e5e
-
SHA256
fa98a8ee2e614edd5a9d072cdd9d6c5b7034cbff4f4c431901a548bb5eaccb0e
-
SHA512
ca4330972e6a7ee1192fbfd11725d98688f6c86b664048a7438b4fcce0c8381e17556d63d4ee3370c8a039eb246a110d989fade97403f48114ecb5e47c537c1b
-
SSDEEP
12288:CquErHF6xC9D6DmR1J98w4oknqOOCyQf6503dtfae8wP9e2Ag:Hrl6kD68JmlotQf6itpaeNle2N
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-