General
Target: COMMERCIAL INVOICE-0125649.tar.001.tar
Size: 1.3MB
Sample: 250328-qlf5zayks9
MD5: 34c9a537957bdabece87ef6595669dbb
SHA1: 11ddb8690fb6b8544f0c38a3b7f6cb871267a3ba
SHA256: de16ece7028d4e1dc1f9385038abfa11cb87045a93365a08fd93c8c07240b57c
SHA512: 0144348b365195b9eaaea7fd5611a98960c2a86f3f474f593de8eea04b4eb37fa7843943890070347419403bfb4f320e469092dfcec266621e44939577f6dcd8
SSDEEP: 24576:ZAZBbTOOFGoKtlGO9oFSN+yiQ7srt1JD6pOSsSSBy:ZSVTOIGoKtCFb6kt3LvSwy
Static task: static1
Behavioral task: behavioral1
  Sample: COMMERCIAL INVOICE-0125649.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: COMMERCIAL INVOICE-0125649.exe
  Resource: win10v2004-20250313-en
Malware Config
Extracted: vipkeylogger
  Protocol: smtp
  Host: mail.iaa-airferight.com
  Port: 25
  Username: [email protected]
  Password: moneyismade22
  Email To: [email protected]
Targets
Target: COMMERCIAL INVOICE-0125649.exe
Size: 1.3MB
MD5: e5daebb3ae95ef647abae065c439cd3f
SHA1: 40a9a3d08bbcf8781858bca10560cd049c6b2415
SHA256: 12d1e667249b08f89e4ee20b883da8d2496b5221bb0d4241bcc933aa8146ada7
SHA512: 27d85798b3aa7e61c197365ab271cb6659f334895e6be4264973e4cf9270bfff3563c5a3e58b18496491142b7317d91c01ecd3a91ec37934d459972b0a11c30b
SSDEEP: 24576:eAZBbTOOFGoKtlGO9oFSN+yiQ7srt1JD6pOSsSSBy:eSVTOIGoKtCFb6kt3LvSwy
Score: 10/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
- Vipkeylogger family
- Drops startup file
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext