General
Target: 66625f3ad926d6bc4e6a7ddd88d2b69ab8042406df0f2c5661c3ab7ed17309cf
Size: 692KB
Sample: 250701-e8rdnsar9v
MD5: f8d0807172b600dc29bfbe674b87a91f
SHA1: e03e6994583136109002f71b7d24b59e37dde0bf
SHA256: 66625f3ad926d6bc4e6a7ddd88d2b69ab8042406df0f2c5661c3ab7ed17309cf
SHA512: 3489ec8f717f637b40d6e233a011a1651c5cbdda267b8bbd2a78227916ff1b4fd7b841c3f985a3ca8b8618eff6ed105fcbee3f151ac1137737fe598e4489a621
SSDEEP: 12288:gMCvVVK8F/lE1fvr1J4tsVboSuzavk9ysBnC3JLlOUYxOJFc/qbfMiu:fCvfXE17v4aKcZgC3xk9EFAq2
Static task: static1
Behavioral task: behavioral1
Sample: kindly quote your best price for the listed goods..exe
Resource: win10v2004-20250610-en
Malware Config
Extracted
Protocol: smtp
Host: mail.aktagor-prom.by
Port: 587
Username: [email protected]
Password: RC84pv9H2*F
Extracted
vipkeylogger
Protocol: smtp
Host: mail.aktagor-prom.by
Port: 587
Username: [email protected]
Password: RC84pv9H2*F
Email To: [email protected]
Targets
Target: kindly quote your best price for the listed goods..exe
Size: 763KB
MD5: 668d73ce07fae36076859ecfb9ee11b2
SHA1: b4499a5ee979f863d02be1e307652505b0a1b2f6
SHA256: 62189b25fc1d9278b2382de2478835111bb016004d383b2884dcf6ed19d17933
SHA512: 866eb4a28d522c756fb458a7557731204022d55c67f3ab03760152976a98c5c16a4f2261bb265bf4d6b1b68810e5f89e6040a4cf122742b782f597713fad6951
SSDEEP: 12288:ET+iZMeKlE1/vPZJ+tsfboAuzqvA+EXEf97Tr+54JIJoE5ScUYtOvFc/7VTIPjU4:siE1fT+a8sA+ds4JIKE5hR0FAF8jUDJ

VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.

Vipkeylogger family

Accesses Microsoft Outlook profiles

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext