General
-
Target
Hesaphareketi01pdf.exe
-
Size
1.2MB
-
Sample
240924-ljb11szakp
-
MD5
788799e671e3a59bc0776d760511992a
-
SHA1
612ae251d122782aeb8f47479a650e8881cc6bc8
-
SHA256
fb8591420d16f45c6d4a6b2e5908aedb1836bb8437718a228926d80f3ed24551
-
SHA512
55732156573ddf95344702fdf519a45a04f9b8160d377491035a91eec45df46ae37f33784560cb8fb4768898e3b36a9171926b912457d81746d0776396799a79
-
SSDEEP
24576:pRmJkcoQricOIQxiZY1iaVzKSfvLt8vhBT+MEFn7acEP0bMCe:mJZoQrbTFZY1iaV2mj8xw7YBCe
Static task
static1
Behavioral task
behavioral1
Sample
Hesaphareketi01pdf.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
Hesaphareketi01pdf.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
Protocol: ftp- Host:
ftp.lifechangerscare.com - Port:
21 - Username:
[email protected] - Password:
b4ST8!7!uFT9POP
Extracted
vipkeylogger
Targets
-
-
Target
Hesaphareketi01pdf.exe
-
Size
1.2MB
-
MD5
788799e671e3a59bc0776d760511992a
-
SHA1
612ae251d122782aeb8f47479a650e8881cc6bc8
-
SHA256
fb8591420d16f45c6d4a6b2e5908aedb1836bb8437718a228926d80f3ed24551
-
SHA512
55732156573ddf95344702fdf519a45a04f9b8160d377491035a91eec45df46ae37f33784560cb8fb4768898e3b36a9171926b912457d81746d0776396799a79
-
SSDEEP
24576:pRmJkcoQricOIQxiZY1iaVzKSfvLt8vhBT+MEFn7acEP0bMCe:mJZoQrbTFZY1iaV2mj8xw7YBCe
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-