General
Target: 24092024_1127_23092024_PO.zip
Size: 851KB
Sample: 240924-nkr5qssgqk
MD5: a8d4da7017403fd9a60f037aa47406b8
SHA1: 87d38d8fbe41d0670f3722781034ecdf17966301
SHA256: 73aab2299c828e5d304c4015189f1d90e7d48e09558eb072a92c7e2b5af1089e
SHA512: e656c1184fae47190082ad0c848795a293342cb51d790d13d16017c09c5e78b1b9f9ed94fe9337dbbd3c2dee89d57708cee0e12fc9b3ece48b91671a3cbea729
SSDEEP: 24576:1t7Y8R39qYXC6ruzdR8NBpMiEGtf0/tGgYx4firr2u:1t7Y89qYXC6ruzIlMwtfct5YW6rqu
Static task: static1
Behavioral task: behavioral1
  Sample: PO.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: PO.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: [email protected]
  Password: )NYyffR0
Extracted: vipkeylogger
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: [email protected]
  Password: )NYyffR0
  Email To: [email protected]
Targets
Target: PO.exe
Size: 1.2MB
MD5: 76bb2880fcbd59252a605dec709b8c57
SHA1: 2fb7daa1a191d3bc9bd372772949fb6562205535
SHA256: 9d65930a077590c41608d08e362e52740b93aa288c7cb6929dd6daf334afd807
SHA512: 70d4afab534487289fd757059f49c2f800e190a8f5b1bafa3a71c4181c831286a758251bfa895b1884fce90673060cfe906543089d7ef6b1f4cf44d61627b9ee
SSDEEP: 24576:pRmJkcoQricOIQxiZY1iaXCNgN3pSwE+/fePboIID4fctrNl:mJZoQrbTFZY1iaXj/S6/fKb9Ik0thl
Score: 10/10
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext