General
Target: 27022025_1839_27022025_Thermo Fisher RFQ_TFS-1500.001
Size: 587KB
Sample: 250227-xajkaavvaz
MD5: 7079b7af7d5a43b44b76c0df00fe7229
SHA1: eb725e20000247a2537e2c8e863ab0def95680d8
SHA256: 1f5d23c8bfb59b125b3d3db4022df3f12d1ef65e3ac6ec0bacff45a220d76e88
SHA512: 7d03379675b82b3717df55ae85ffed306bd512f05de21abb4f784c9f619fcb3a222966408ee85e2d3abd1fcd737dc983ea6f416f939bac8b2d6c4b630a179969
SSDEEP: 12288:F5wPtPYGb0w01uJGK061rN2Vgw6GGN6eaq2pJFyShBBokPsHwpaIi:PwlQk0i5rQiw8N3aquJFyodsQEIi
Static task: static1
Behavioral task: behavioral1
Sample: Thermo Fisher RFQ_TFS-1500.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: Thermo Fisher RFQ_TFS-1500.exe
Resource: win10v2004-20250217-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: Cash@com12345
Email To: [email protected]
Extracted
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: Cash@com12345
Targets
Target: Thermo Fisher RFQ_TFS-1500.COM
Size: 1.0MB
MD5: 72801b25b4e0debf3de0b929033625a8
SHA1: c0d1f773c63fd8f5f755572b1a58580ceb3557c3
SHA256: bafbb21be006e0d958716146d386c278c1f812c0b347d0520418e83341034d61
SHA512: b491f0b348954fd1fb5b9cf188e826787686a700e9c97ce86284147d0fd820b5acbe221f66504f9397470de4fe6fd8724638d7869eced74b1a345ea8c7b14c16
SSDEEP: 24576:du6J33O0c+JY5UZ+XC0kGso6FapXrX1FyoxsQt7WY:vu0c++OCvkGs9FapXr6oCQsY
Score: 10/10
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.
- Vipkeylogger family
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext