General
- Target: 2240902473.pdf.exe
- Size: 703KB
- Sample: 240924-rtgbdayfkk
- MD5: d48a40e1ebe635d7368017c6fe020f09
- SHA1: 3c66aa4de1f6d27f5ac9c01eae8f92bda4ba2417
- SHA256: 27336a02b8be0e210cae46d680509f78bff16d64f653925b55a11cc837341eea
- SHA512: d0c8e024c3ed345b2a1dead2d524c93b04da95ea41dbbd7c2f7e1114def9440f9308918366e0febec22b385aece156dc1853b7f71fbe7cb82cbfa9e89ada3a56
- SSDEEP: 12288:9dOsd0DUdUAum4zaLLp/Jy+ft1be4qcWsAXxcnrC/bZQMglIMw5:Csd0IdT4GLFxy+lIpD6uNoIt
Static task
- static1
Behavioral task
- behavioral1
  Sample: 2240902473.pdf.exe
  Resource: win7-20240704-en
Behavioral task
- behavioral2
  Sample: 2240902473.pdf.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.ionos.fr
- Port: 587
- Username: [email protected]
- Password: Rajahsouthfruits5
Extracted
- Family: vipkeylogger
- Protocol: smtp
- Host: smtp.ionos.fr
- Port: 587
- Username: [email protected]
- Password: Rajahsouthfruits5
- Email To: [email protected]
Targets
- Target: 2240902473.pdf.exe (size and hashes as listed under General)
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Execution
- Command and Scripting Interpreter (1)
  - PowerShell (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (2)
  - Credentials In Files (2)