General
-
Target
ffd0e11aad8236d20c3b254e5cd495262f09e7ab8515ef9c43d292ceef085904.zip
-
Size
813KB
-
Sample
240820-v6c19syemp
-
MD5
0939ffc5a87e6e22d5005ecf45ded569
-
SHA1
c681408fe06b9ebf291885fc3bca8dc4b8d5cd5a
-
SHA256
ffd0e11aad8236d20c3b254e5cd495262f09e7ab8515ef9c43d292ceef085904
-
SHA512
fc95ea6a2aeccc46f1dbd6dbaab7e5ba828027b3b9c8a1417094caef5a1dac2f33d433ae3ab9e6347bac908d85fe4d9cbd7754b528bc3087da77fe6aaf2379be
-
SSDEEP
24576:eHMx4Ot+aU8iOLuzMYxr2nwFEfqFh3+/yH:eu4OfCSqFECz+/M
Static task
static1
Behavioral task
behavioral1
Sample
БАНКОВСКИЙ ПЕРЕВОД pdf.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
БАНКОВСКИЙ ПЕРЕВОД pdf.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7536751044:AAF0FBne988zRhUPGZlDQ1lQ4bW76DiDkXU/sendMessage?chat_id=5600682828
Targets
-
-
Target
БАНКОВСКИЙ ПЕРЕВОД pdf.exe
-
Size
1.1MB
-
MD5
627534bca81ea8cbc73a9ed94df2cf28
-
SHA1
e0364dccc2030ec72321d648f85713b3b218676f
-
SHA256
72e7a39bce46e45402cbb4ae13053d57e87a62b06b53164acbe8c18ccf7dc696
-
SHA512
be76f7dc764bd450fb668a2a1ff66861a72fa653d414091485e085428cb8073fcab202c2f68999fed2909212554572cdbb26b8f5156be2bac2f428508cd3f15c
-
SSDEEP
12288:u1oAMd6OdKEari+ECZp1hUdQ5dM+OIbuH+Tbdf2GX9PzSnS3FY3Tiiy11gR2w:u186h1OajUSOjevco9P2nuFOOD11g
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-