General
Target: 01072025_0559_30062025_PO.zip
Size: 665KB
Sample: 250701-gpranseq5v
MD5: 28d518255b33f323a78869a356f33181
SHA1: 957bdf32f2b6a1e6c06181eef09fb1e1611dd7ee
SHA256: 1b7b2b312e516e269db70df333a5730d4088a065bbd2c11e76d32c7bad075822
SHA512: 3ed25d1868737ac9173542f72ed67336c05425488d6a4673f865ebfeb56f1ba82357a865cdc778d2d2692ae47090262b8208f54b283650f6002f5ac6054a0d88
SSDEEP: 12288:rcdqHNxOQeHrbyFz9yoBJmjo3i0q2Q420bk/wLAEjzkh+WBJNLiszQEG5asBhowR:3XOVXyFRcX200XAwkEG9RUvByR6
Static task: static1
Behavioral task: behavioral1
Sample: PO.exe
Resource: win10v2004-20250619-en
Malware Config
Extracted
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: n2eM4mz7D`w@>;
Extracted
vipkeylogger
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: n2eM4mz7D`w@>;
Email To: [email protected]
Targets
Target: PO.exe
Size: 724KB
MD5: 494ff9dd49ad6adaf5311211433596a1
SHA1: e80d0dde6967f2a367da42d3518a5123bce5cba9
SHA256: ebacd47d8d9c76fbc8e7f1c2d4768f5db3911ce8374ac2a704223c7c302b6998
SHA512: 63c3f463c2b186789f36c42d8c34854afb6155d4d7b5932891fa558cb18ec8069ab631319cda93358f0e36b808f315b593de47ba7f1b78195fe20fb640c61aee
SSDEEP: 12288:nndOVNxOCeHmZWFdT89XOAM8LrQFUwcbq/wLOEjFUh+J9QdX5Vj4jb:UdOTfj4VYYFOwUEJ2dLj4jb

VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

Vipkeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext