General
Target: Inv230924193849328483pdf.exe
Size: 1.2MB
Sample: 240925-awxbyaxcqh
MD5: a07c66eab64e6c05ffa5721c758560e8
SHA1: 5126c45f7e7d260241b60534750a54e3e955d3d8
SHA256: d4b8fbd59d002c8c6f147ace0ec43bed581b761b231ebc843b019827df2cc909
SHA512: 87842fc8b0ef8678c1b0dadbf2e2ac3cc6efc01540df15d89f693c59a975542e1489a963d33eb960f2edefbe1fd86a305a2f40a6748c3fc344d7f6850b17eec0
SSDEEP: 24576:pRmJkcoQricOIQxiZY1iaVFAKsd0PZCgN45wz+yuES2V:mJZoQrbTFZY1iaVmKsd4Z1ea+yW2V
Static task: static1
Behavioral task: behavioral1
Sample: Inv230924193849328483pdf.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: Inv230924193849328483pdf.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.lifechangerscare.com
Port: 21
Username: [email protected]
Password: b4ST8!7!uFT9POP
Extracted
vipkeylogger
Targets
Target: Inv230924193849328483pdf.exe
Score: 10/10
- VIPKeylogger: VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext