General
-
Target
024c6ba7e39bd88a0887e7dc3eb14aa1fe79dcfa77c4eaf5854bb759a0a8a141
-
Size
1.2MB
-
Sample
250228-l2tnsaxzbw
-
MD5
ca1047e99f23ab51dc43078ba8d323c4
-
SHA1
07703590672ae830688677c6ca738c52ad9f2db5
-
SHA256
024c6ba7e39bd88a0887e7dc3eb14aa1fe79dcfa77c4eaf5854bb759a0a8a141
-
SHA512
ee51dc32402c5606c88b5c650c7d906c45e875f491910e28ae7f8fb5ca313f9813c1a01b56d2e6dcc5ff7bf07a227b676c39f5f466a7bd87ba88560c30b0079d
-
SSDEEP
24576:Uhv0QWH1dZTt0UMt0ll1sTqsDLZwvqYDx8qerODF0O+aaKmxCzx:Uhv0bH1dRt0UMtOl1sOsDLZIBerc+hxY
Static task
static1
Behavioral task
behavioral1
Sample
ONE QUOTE (SPOT) RATE DATE 28TH FEB 25.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ONE QUOTE (SPOT) RATE DATE 28TH FEB 25.exe
Resource
win10v2004-20250217-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: webmail.gvictery.com
Port: 25
Username: [email protected]
Password: Hong1357@J
Email To: [email protected]
https://api.telegram.org/bot7832616373:AAEM8C5FLt6rPa9QBsPEMiFQXNkYoq1c6z8/sendMessage?chat_id=1637651323
Targets
-
Target
ONE QUOTE (SPOT) RATE DATE 28TH FEB 25.exe
-
Size
1.5MB
-
MD5
48b7eff0eda9be1d5e4960c4661c0f2e
-
SHA1
da2313678c8827f488059dffd765ab574d8d4067
-
SHA256
9066216fa54f8e8475f0e2afa8f4318ca5f24245e44ce84ccd92e901f05347e5
-
SHA512
878eaed2fbcba9ad7326b712b919a6a89af88aa064a2fcf538e4958cd35a6096aa2b1494160d6c389dc85ac55ee37d51da1872edf388ec77b2743c04fe2d0273
-
SSDEEP
24576:6loGrJd0Uet0Dh1sBKY/ZlkvqgZliIU3U5FyI+a2K4VOb:gTJd0Uetwh1sUY/ZluxU3C+9VO
Score
10/10
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-