General
Target: SWIFT COPY.exe
Size: 1.2MB
Sample: 240924-nn71cswgmc
MD5: d138e7f7d5e29f416b7b04e4f7567d11
SHA1: 4ed5d9329f6d190936ba3065b75bd90c7f83d04b
SHA256: b265a1d4698c08fe197c6cfed56a7a23adae05fdd25a4917ff5354e537f698d9
SHA512: 9aca54e79a967ed2d22bcc92d759e934aa39c407bd3d2d42795d285aaa52030205215965bb56f639f18bbaaaf4a9e4247834f935600d2455830f74b19c1d7afc
SSDEEP: 24576:pRmJkcoQricOIQxiZY1iaXSnI7XSMXGGXb3jZFR:mJZoQrbTFZY1iaXS4rGozjZFR
Static task: static1
Behavioral task: behavioral1
Sample: SWIFT COPY.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: SWIFT COPY.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: )NYyffR0
Extracted
vipkeylogger
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: )NYyffR0
Email To: [email protected]
Targets
Target: SWIFT COPY.exe
Score: 10/10
VIPKeylogger: a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
AutoIT Executable: AutoIT scripts compiled to PE executables.
Suspicious use of SetThreadContext