General
-
Target
57df82d0e4547407bdca25692313c2a95b07438991c4cfd44a85d85e5976a965
-
Size
74KB
-
Sample
220221-m6ewvsaghp
-
MD5
ba4380237e7a0f220deaaada1fddff73
-
SHA1
394b852855574cffa26a66bec083792a21f87f79
-
SHA256
57df82d0e4547407bdca25692313c2a95b07438991c4cfd44a85d85e5976a965
-
SHA512
5e70426b3547020f93c62764f418ff7d475f4bf772130b056f33884e7b155b9675a4af292b356bd9897c5e6c665488989d7400dfb452d8544d1252b3e3798142
Malware Config
Targets
-
-
Target
57df82d0e4547407bdca25692313c2a95b07438991c4cfd44a85d85e5976a965
-
Size
74KB
-
MD5
ba4380237e7a0f220deaaada1fddff73
-
SHA1
394b852855574cffa26a66bec083792a21f87f79
-
SHA256
57df82d0e4547407bdca25692313c2a95b07438991c4cfd44a85d85e5976a965
-
SHA512
5e70426b3547020f93c62764f418ff7d475f4bf772130b056f33884e7b155b9675a4af292b356bd9897c5e6c665488989d7400dfb452d8544d1252b3e3798142
Score10/10-
VKeylogger
A keylogger first seen in Nov 2020.
-
VKeylogger Payload
-
suricata: ET MALWARE Generic -POST To gate.php w/Extended ASCII Characters (Likely Zeus Derivative)
suricata: ET MALWARE Generic -POST To gate.php w/Extended ASCII Characters (Likely Zeus Derivative)
-
suricata: ET MALWARE Generic Request to gate.php Dotted-Quad
suricata: ET MALWARE Generic Request to gate.php Dotted-Quad
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
-
suricata: ET MALWARE Win32/Spy.Agent.QAQ Variant CnC Activity
suricata: ET MALWARE Win32/Spy.Agent.QAQ Variant CnC Activity
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-