General
Target
4e29dc3913c1912676aa3b4c98230a94cbd31748a57f03739af0a0ea99e72460
Size
627KB
Sample
240924-tqez9awcqf
MD5
8f369ce19589a281d55971ed9766fade
SHA1
ed3c560539f8871b61fc675a0001663f939d5ee7
SHA256
4e29dc3913c1912676aa3b4c98230a94cbd31748a57f03739af0a0ea99e72460
SHA512
dbc459dcd39a9d88faf696a005e23002abc7bc6c3ad7b01d511b6ffa8667739905af193e45d0f3c3faef0367009fd6b0a32f3d7d300453f0d5de1801104f7f28
SSDEEP
12288:6j/vmKhz/riPY0zXhp5gfKo7sdNT1LCXVbeyLp/7YcrVgsDf/nFUezc:yGKhz/uPYyXhp5gSmwLqbeyLV7rxTDfy
Static task
static1
Behavioral task
behavioral1
Sample
hesaphareketi-01_pdf.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
hesaphareketi-01_pdf.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.fastestpay.digital
Port: 21
Username: [email protected]
Password: 1Qj;XlmD!Lrj
Extracted
vipkeylogger
Targets
Target
hesaphareketi-01_pdf.exe
Size
1.7MB
MD5
33e557f83de6a10689f72c1458aeb204
SHA1
a6dcf0ec4366f0c30d483645ca56779f4bbb38b7
SHA256
0ed875098cbedf59446d18e8142a89505517b48e69d94f91a3266a3e395d5629
SHA512
1ce65fceb3570e10c29cdc5be23bbc200d63e709669698ec9b8675825820fc0c195103a5c6a2085fcc733954fccc6e5d60367fe1924e404e710f60a112e9da07
SSDEEP
24576:cuKhF/OzckXTD5USeGLwbmyLJ7nJTDf/LzU:cuK+ckxb89J7nJTbLA
Score
10/10
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext