General
Target: Quotation_1.7z
Size: 716KB
Sample: 250225-ra2g7symw9
MD5: aa6e1e31a7a7bd7116086533c28dc560
SHA1: bad945997b6a95f9db908ab3656c6aed33549117
SHA256: bf1360fa5acf56b0ca70cf9fecce1e62affe486394332fc4769cc68365b046c6
SHA512: e9394a7db1f8de50da769cbe507b67fabb9d09d320448f181be832a3d67581ac2a1c5a353b4fe091b924e3baf57ef7a53e4487a906ee53514064ec9f8bd4a023
SSDEEP: 12288:zUqaB90M6jI5wPO/8QGjVb3mZSW2sZz7HpQteHfiKABIphCorHY1oYXx0t7WHWQ:zUqaBRwvOUvE8MVGMHfJpz4la9WZ
Static task: static1
Behavioral task: behavioral1
  Sample: Quotation.scr
  Resource: win7-20241023-en
Behavioral task: behavioral2
  Sample: Quotation.scr
  Resource: win10v2004-20250217-en
Malware Config
Extracted
vipkeylogger
Targets
Target: Quotation.scr
Size: 902KB
MD5: 7b935ea77c1c8a3492b94bd38127b0f6
SHA1: b997cc63af4b1737bcca8e9196b5a31c61d4587b
SHA256: 3c3ee81b16819a7a161ebac5635d2f2b989ccf93bf4ab7140964dfa581b3b5bc
SHA512: 43f0edd9d40ff13112296280561d9d88c8d35fc2c2d7d18a9c591418b527a3ee4da2d3ba3a074bf68f3fc421b5a08862cbcfe30eefc5192c7198d6587a760848
SSDEEP: 24576:DMBqKB/5JqlJ9gWo/xOnycS96SuEt9bzeMA8L:DMBqKdqhUgycS8xEDea
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-