General
Target: SWIFT COPY.zip
Size: 889KB
Sample: 240924-pvmhnsvfjq
MD5: 9165274d1fe53a3529567d7edfc0579c
SHA1: f0e6fe9ae846bb7769437bb079e1f467c4e84921
SHA256: 241e1365a1167e6e5ca9d489cad6867fb44196d60473f679888a0a3cfbb93a35
SHA512: b03e69e7d9ad693c483f07dea93f097ebc04b7933ca182d003aa6f1e75ca2f2d82ef9cf07b4b4f654f8ca706e22ec1a5274bbbc7db5a927a8eb1090d4c927e35
SSDEEP: 24576:nt7Y8R39qYXC6ruzW1I7N4GtqWx3XpxxZ:nt7Y89qYXC6ruzWaNqenpxxZ
Static task: static1

Behavioral task: behavioral1
  Sample: SWIFT COPY.exe
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: SWIFT COPY.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted: vipkeylogger
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: [email protected]
  Password: )NYyffR0
  Email To: [email protected]
Targets
Target: SWIFT COPY.exe
Size: 1.2MB
MD5: d138e7f7d5e29f416b7b04e4f7567d11
SHA1: 4ed5d9329f6d190936ba3065b75bd90c7f83d04b
SHA256: b265a1d4698c08fe197c6cfed56a7a23adae05fdd25a4917ff5354e537f698d9
SHA512: 9aca54e79a967ed2d22bcc92d759e934aa39c407bd3d2d42795d285aaa52030205215965bb56f639f18bbaaaf4a9e4247834f935600d2455830f74b19c1d7afc
SSDEEP: 24576:pRmJkcoQricOIQxiZY1iaXSnI7XSMXGGXb3jZFR:mJZoQrbTFZY1iaXS4rGozjZFR
Score: 10/10

VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
AutoIT Executable
  AutoIT scripts compiled to PE executables.
Suspicious use of SetThreadContext