General
-
Target
NEW FRANCE ORDER.tar.001.tar
-
Size
1.2MB
-
Sample
250328-qlhc2aykv6
-
MD5
974f153a36663417a8e85d4e6c0bd1f2
-
SHA1
2f831b2626f7c884605138430888934c3eda2907
-
SHA256
9c35edce9c3128f5173db54f41924c13818df57c5ac78414605c1d51d6adcd2d
-
SHA512
edd34eaf2ea451c383c2124f057124b0925d6dd6bb29b0db30aafaf3075ec6d96ad307f5684c7a593f78d20b6dc5ea31e0bf54c54d897bfcc88a655269d77b54
-
SSDEEP
24576:I9Dm144rcw4GJrQgKb1GW2npHZ/Ar7bioFYyy9XOBH1z:B14Mcw4G1Q4WkZsiEY8H
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.iaa-airferight.com - Port:
25 - Username:
[email protected] - Password:
moneyismade22 - Email To:
[email protected]
Targets
-
-
Target
NEW FRANCE ORDER.exe
-
Size
1.2MB
-
MD5
c42c3d3b8cd09debfbeb4917845bfc1c
-
SHA1
2894802c2848c43d9ac6833b614ca38f870c02d5
-
SHA256
0934fbe06034dbe5749eaaa72e57016b04ae3fc9b66cc8984815ebd3148b1626
-
SHA512
b039ab1095cd8112742566268106b8f4d52f83b02f511f7528aaabb509011b52f7786f35c648f6f60df15a0ca58f83471b75ff7270671c600f0da272fa6e28af
-
SSDEEP
24576:o9Dm144rcw4GJrQgKb1GW2npHZ/Ar7bioFYyy9XOBH1z:h14Mcw4G1Q4WkZsiEY8H
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-