General
-
Target
RFQ September Order PR 29235 doc-pdf.exe
-
Size
708KB
-
Sample
240902-n7116azcjm
-
MD5
2e316adc2bf3db362d2406207937e4ad
-
SHA1
0fee2d87ae2883de80f16b87c33db23c9eed73c5
-
SHA256
e1ff6702cd624b36c3af7773ae135cc60ebf55f5ba9d2acfc516e5488a449e95
-
SHA512
468b472450a96d05ce3ce80db674e3fe55ef58fad57c72abb20e5280f20190e66611f7c1e0b2ae5bda89c21e31f4260df680625737cccac472c95a6528581b18
-
SSDEEP
12288:1SBKYvI8qPsP3DRXhko1lRB6NWHNZIuKUqLSiLV+n8SeuF4oBDCSaKzx6cquiLfM:AOHkFeolRLHc5LSAV+8mPC8d6cHY+X
Static task
static1
Behavioral task
behavioral1
Sample
RFQ September Order PR 29235 doc-pdf.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
RFQ September Order PR 29235 doc-pdf.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7204444211:AAFfPnSoEnQ7t4FKDH0Jch2gKTwGo4oCCAs/sendMessage?chat_id=2065242915
Targets
-
-
Target
RFQ September Order PR 29235 doc-pdf.exe
-
Size
708KB
-
MD5
2e316adc2bf3db362d2406207937e4ad
-
SHA1
0fee2d87ae2883de80f16b87c33db23c9eed73c5
-
SHA256
e1ff6702cd624b36c3af7773ae135cc60ebf55f5ba9d2acfc516e5488a449e95
-
SHA512
468b472450a96d05ce3ce80db674e3fe55ef58fad57c72abb20e5280f20190e66611f7c1e0b2ae5bda89c21e31f4260df680625737cccac472c95a6528581b18
-
SSDEEP
12288:1SBKYvI8qPsP3DRXhko1lRB6NWHNZIuKUqLSiLV+n8SeuF4oBDCSaKzx6cquiLfM:AOHkFeolRLHc5LSAV+8mPC8d6cHY+X
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-