General
-
Target
6aecc1c7bf17240fc17d6110a057126fc011d8eee1e9d77d07f95ae858a368a9
-
Size
519KB
-
Sample
240902-wv6pwavcql
-
MD5
6646a478473297bb62864aef50fb3d94
-
SHA1
2a5628cee46e734aaa57f89a90e786b925d9c596
-
SHA256
6aecc1c7bf17240fc17d6110a057126fc011d8eee1e9d77d07f95ae858a368a9
-
SHA512
e4d9e699bd14b64fd06149954a3e64a9e64d0beaa8896809eeaf363eb9171ae320140a65fbdffab410801084c369292eef404a8c4790e9af45e73b369f0135be
-
SSDEEP
12288:Ku+ztxJ9LqzUHzZ5Cecoj1V9akK08Yuv09X8W5R:Q/+zUt5Xlj1V208YK0V/
Static task
static1
Behavioral task
behavioral1
Sample
Hjemmefronten.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
Hjemmefronten.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7315318214:AAHbW_8qzp1k_NeIC5gT45-OC58Jt1N6o4Y/sendMessage?chat_id=5080229442
Targets
-
Target
Hjemmefronten.exe
-
Size
532KB
-
MD5
adae3851741cd656dd9ac55993676a09
-
SHA1
c4e668dccfcd545152b395e9c3c828abce3282e5
-
SHA256
c048753bf334e6ee8823698e0a2658bdc48b9df847e12b1f74fee01a9064df39
-
SHA512
87a1aab3af37536648878aa3f8f5373921679ed8644e3c36e9fd553a0d27241f4b6d8e793d8c9aa0fd274bfefdf38de4267be32c93f7b529200261ea5fb6f5b2
-
SSDEEP
12288:WC10cO9T6+MoSBdNV4y2I7sifQuqGKRkQbDmGLIgQW:WUwTDMoSJGyb7FlqGa/DmUQW
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, the web browser credential store.
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-