General
-
Target
Factura.exe
-
Size
541KB
-
Sample
240903-qec5qsydrc
-
MD5
b474081dbbfe5e29ccef7c820dc378ad
-
SHA1
c2fff6685dbddcc07f94fbcce40f32b2bec7f823
-
SHA256
77d7c5f6925455c74f6ce5f9e22e958ca129a78e5bff20b0845c2cefb4682d68
-
SHA512
733aac7db3aa8a5fd47a13d9324955f18b5c6ceb37060fd8b26fae9e64406a9526f9ed6ccb8864cf649090205369a135036c98377bfc9bbb10fe71445e673172
-
SSDEEP
12288:WbElBJTA2lN4R+2QWfd4jFs0eZhDKxORueodoF08/PE9UlJiLXqli6:WYlBpjN4RfdA65TDKxORue0oGSPaIP
Static task
static1
Behavioral task
behavioral1
Sample
Factura.exe
Resource
win7-20240903-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.mmppf.com - Port:
587 - Username:
[email protected] - Password:
Alm@AlMunif#2024 - Email To:
[email protected]
Targets
-
-
Target
Factura.exe
-
Size
541KB
-
MD5
b474081dbbfe5e29ccef7c820dc378ad
-
SHA1
c2fff6685dbddcc07f94fbcce40f32b2bec7f823
-
SHA256
77d7c5f6925455c74f6ce5f9e22e958ca129a78e5bff20b0845c2cefb4682d68
-
SHA512
733aac7db3aa8a5fd47a13d9324955f18b5c6ceb37060fd8b26fae9e64406a9526f9ed6ccb8864cf649090205369a135036c98377bfc9bbb10fe71445e673172
-
SSDEEP
12288:WbElBJTA2lN4R+2QWfd4jFs0eZhDKxORueodoF08/PE9UlJiLXqli6:WYlBpjN4RfdA65TDKxORue0oGSPaIP
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-