General
-
Target
343820b1077ce4be3b114ba1c269c2a5786ddca5a1ab35ca65392bc20c91d3c5
-
Size
883KB
-
Sample
240924-h9rbvayhmh
-
MD5
74ab3f3ccef897f4f43c6cf3184daca8
-
SHA1
84d8bb450169a50e92e2817b4e967d268e5a08d6
-
SHA256
343820b1077ce4be3b114ba1c269c2a5786ddca5a1ab35ca65392bc20c91d3c5
-
SHA512
5a9bfa1fa5ed47652b099459ed166c060af86394e87973749571dc161e238a08e13844a55019e84909fadcefead1e2c13b8ee3f37c6312a530cc4bd320c291ba
-
SSDEEP
24576:ssISWd9T/xuto01intfvhtMrB7Tm4EjntacEnybSzV:ssyd9Leo0Yd56LSt2nzV
Static task
static1
Behavioral task
behavioral1
Sample
Hesaphareketi-01,pdf.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Hesaphareketi-01,pdf.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
Protocol: ftp- Host:
ftp.lifechangerscare.com - Port:
21 - Username:
[email protected] - Password:
b4ST8!7!uFT9POP
Extracted
vipkeylogger
Targets
-
-
Target
Hesaphareketi-01,pdf.exe
-
Size
1.2MB
-
MD5
788799e671e3a59bc0776d760511992a
-
SHA1
612ae251d122782aeb8f47479a650e8881cc6bc8
-
SHA256
fb8591420d16f45c6d4a6b2e5908aedb1836bb8437718a228926d80f3ed24551
-
SHA512
55732156573ddf95344702fdf519a45a04f9b8160d377491035a91eec45df46ae37f33784560cb8fb4768898e3b36a9171926b912457d81746d0776396799a79
-
SSDEEP
24576:pRmJkcoQricOIQxiZY1iaVzKSfvLt8vhBT+MEFn7acEP0bMCe:mJZoQrbTFZY1iaV2mj8xw7YBCe
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-