General
-
Target
Swftsend8964,pdf.exe
-
Size
1.2MB
-
Sample
240924-rp5s6ssbqd
-
MD5
a9277cc2ccfaf7cc487fd2b8059be116
-
SHA1
7f8f98c3f853c3e29cb95897d15195f6e064ee62
-
SHA256
9c7b9ceb30c4f703691c6406457b9c9074b98efe49b19115f88977340bb83492
-
SHA512
8df33fde419fdb0b8793da005cc3bc52ea116a7981bff46203870954ba7a21f653cd259256c9297fcb9803b3c158986790c7c246490e316af40f70426fab8c71
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaC+4MhwIQ0eVEI:7JZoQrbTFZY1iaC+lwIWF
Static task
static1
Behavioral task
behavioral1
Sample
Swftsend8964,pdf.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Swftsend8964,pdf.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: m1.wcloud.ro
Port: 587
Username: [email protected]
Password: dobale2020@
Email To: [email protected]
Targets
-
-
Target
Swftsend8964,pdf.exe
-
Score 10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-