General
Target: URGENTDHL-OVERDUEACCOUNTLETTER-1300711528.exe
Size: 2.4MB
Sample: 250227-ha3wlazmv5
MD5: c3b5d2314930b677e70e2174647eec9c
SHA1: ca3f9e5900c943c0aa33efd95c83fac1850b0aa0
SHA256: 140b71c1dc8ccf24de4f4bdd0c1acd6db259b720eb263123b7c100d5a6051852
SHA512: b63ea62c13e5f421eb945afb6f02a01448db42c9fe7c97a6085851048a1f184f43af744355f93115065b4bfcf3eee59f806a6701de7767a49eb155ec55fca587
SSDEEP: 49152:4LmAT3UAXdrbW5Z6MneR+Hq/GdEv3hg4W8ZSS:ImAYA6ZvHq/XhgI
Static task: static1
Behavioral task: behavioral1
- Sample: URGENTDHL-OVERDUEACCOUNTLETTER-1300711528.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: URGENTDHL-OVERDUEACCOUNTLETTER-1300711528.exe
- Resource: win10v2004-20250217-en
Malware Config
Extracted: vipkeylogger
- Protocol: smtp
- Host: mail.iaa-airferight.com
- Port: 25
- Username: [email protected]
- Password: moneyismade22
- Email To: [email protected]
Targets
Target: URGENTDHL-OVERDUEACCOUNTLETTER-1300711528.exe
Size: 2.4MB
MD5: c3b5d2314930b677e70e2174647eec9c
SHA1: ca3f9e5900c943c0aa33efd95c83fac1850b0aa0
SHA256: 140b71c1dc8ccf24de4f4bdd0c1acd6db259b720eb263123b7c100d5a6051852
SHA512: b63ea62c13e5f421eb945afb6f02a01448db42c9fe7c97a6085851048a1f184f43af744355f93115065b4bfcf3eee59f806a6701de7767a49eb155ec55fca587
SSDEEP: 49152:4LmAT3UAXdrbW5Z6MneR+Hq/GdEv3hg4W8ZSS:ImAYA6ZvHq/XhgI
Score: 10/10
Signatures:
- Suspicious use of NtCreateUserProcessOtherParentProcess
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.
- Vipkeylogger family
- Drops startup file
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext