General
-
Target
8135e54ce7beff8ca4566c125fa8196e197a22d01a7cbebcf9b2d12cc39b848f
-
Size
691KB
-
Sample
250701-e81mcasks9
-
MD5
c4d098e7bf71abe973e5e8541faa8bdf
-
SHA1
26d2315dc6206e24248275d55141d89eb59a32dd
-
SHA256
8135e54ce7beff8ca4566c125fa8196e197a22d01a7cbebcf9b2d12cc39b848f
-
SHA512
cc044c9577622caaeab13833f9709201db704a654907af9173667aa21bf0e863e4497de6cb0a2b214de9e00b73697c03ad2cf2e3d4e11136c7e3762160948881
-
SSDEEP
12288:kA+ck5YKY8l7KVMSkYnfp1UJ17veHZLUB1jqQaY/KJOPigNVO0r3/pSH090s496M:J+ck568l7QLnh6/7OJU6Q5RbrwQkad8
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order No.1364..exe
Resource
win10v2004-20250610-en
Behavioral task
behavioral2
Sample
Purchase Order No.1364..exe
Resource
win11-20250610-en
Malware Config
Extracted
Protocol: smtp
Host: mail.pth.com.sg
Port: 587
Username: [email protected]
Password: 5[1P@{5]6BJ+
Extracted
vipkeylogger
Protocol: smtp
Host: mail.pth.com.sg
Port: 587
Username: [email protected]
Password: 5[1P@{5]6BJ+
Email To: [email protected]
Targets
-
-
Target
Purchase Order No.1364..exe
-
Size
763KB
-
MD5
3f5850ff6d3dfa5e3c165d7f6b0ce682
-
SHA1
f17f6c33f87c37b6080f686834deb2cef504c269
-
SHA256
d16e631c7b57f0b20be7b526e713f29800ac13b68694e01f33136a4fae643f7e
-
SHA512
fb141878c65e8e865a0e9c1031bbf087ebdfeb1b8a03ba3d1fa713a13416acb518e5eabdd0e7e8961218b5220bd220a4680c22521f0e6a15d4231e0c3bbf0017
-
SSDEEP
12288:VJ+ivMeX6nT+VMSkYdboV1U31x7eHZLUV1TqQSY/UJOXigN1O0r3U7Y5e5M6VkgL:BkALdE6Fx6JUGQrxqYM5De98um/
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-