General
-
Target
f82229c0e4d0752a73b778370240bea2aedffde4329be0b982d697245e77bf20.exe
-
Size
843KB
-
Sample
250225-b9rt2stqs9
-
MD5
cebd38ae0d68dca4eb9d247ad044f413
-
SHA1
ddc6e61cb4737db0b8c77b3c07ee45998df5f74f
-
SHA256
f82229c0e4d0752a73b778370240bea2aedffde4329be0b982d697245e77bf20
-
SHA512
708e64186c2808bc95c7ee02bba7c90162460367f018ba8ae8728e907e0505ab56367011921ac88ded8ecc06fef322092c656572dd77b5432df797ee67325442
-
SSDEEP
12288:ROovHlb/a13/KiTO5rry72+QwfgivOKFd01e0Bq:RZle1vHTO5r9Cl0Bq
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
uniform.gr - Port:
587 - Username:
[email protected] - Password:
qkTHtoV5%]8% - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
uniform.gr - Port:
587 - Username:
[email protected] - Password:
qkTHtoV5%]8%
Targets
-
-
Target
f82229c0e4d0752a73b778370240bea2aedffde4329be0b982d697245e77bf20.exe
-
Size
843KB
-
MD5
cebd38ae0d68dca4eb9d247ad044f413
-
SHA1
ddc6e61cb4737db0b8c77b3c07ee45998df5f74f
-
SHA256
f82229c0e4d0752a73b778370240bea2aedffde4329be0b982d697245e77bf20
-
SHA512
708e64186c2808bc95c7ee02bba7c90162460367f018ba8ae8728e907e0505ab56367011921ac88ded8ecc06fef322092c656572dd77b5432df797ee67325442
-
SSDEEP
12288:ROovHlb/a13/KiTO5rry72+QwfgivOKFd01e0Bq:RZle1vHTO5r9Cl0Bq
Score10/10-
Modifies WinLogon for persistence
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-