General
Target: Shipping Documents-pdf.exe
Size: 723KB
Sample: 240903-pb17qaxdpd
MD5: 13391873117bb69417afa5f8b1fd42bc
SHA1: a0d659472cf2860b8efb1355d40cfaf52b6b9a82
SHA256: f1f812cecd0c3a44a3bdca6720dacd7c572ab9bde801be98c521ab89b20c97d7
SHA512: dec21d6a7b860f75e66be3b5d4ffce73b8c1d5dafe9bccd1f1346b115788c54d52cf5fe1fa391dbdfd41f67cad48a6665fe936fad36a031ff6fbcca3f8fe7569
SSDEEP: 12288:hozjLf30WH0WLecBK3HqUIH+oA0q5DnjnwLQytecloJEsWME+i:hmjj0ylHB9H+oA0qpjwLQyteLEsWME+i
Static task: static1
Behavioral task: behavioral1
Sample: Shipping Documents-pdf.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: Shipping Documents-pdf.exe
Resource: win10v2004-20240802-en
Malware Config (extracted)
Family: vipkeylogger
URL: https://api.telegram.org/bot7204444211:AAFfPnSoEnQ7t4FKDH0Jch2gKTwGo4oCCAs/sendMessage?chat_id=2065242915
Targets
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, the web browser credential store.
Uses the VBS compiler for execution
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address.
Suspicious use of SetThreadContext