General
Target: Halkbank_Ekstre_22…93.25.09.24.pdf.exe
Size: 692KB
Sample: 240925-sjf4assapk
MD5: 296906c78a80a404a4e9527526cc28d0
SHA1: e3ebbf6bd31f804f58fda8a2ac9a4286c2634b20
SHA256: ec2b34886ee774ca2d99766e4fbb5cd8447a920ef760898a7c648d84518b744f
SHA512: 3e5ff75a98af4feac7f73f2edb4f1896b3afac6a7992496483b29f1eabcd212303a799378d2a47b6c2d7d37c2c3b36b2e7b016aa922b9c96279cd61358404d89
SSDEEP: 12288:F1eiz6+VtgURRP+BDJ0nvPXEdwKRn/RsqanAeor06Gsy7psz4ugn48bQb:5VtpUBt0vPUlZsDnA5resOpMGI
Static task: static1
Behavioral task: behavioral1
  Sample: Halkbank_Ekstre_22…93.25.09.24.pdf.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: Halkbank_Ekstre_22…93.25.09.24.pdf.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted
Protocol: ftp
Host: awaratrendz.com
Port: 21
Username: [email protected]
Password: mxH!EyDs(.jx
Extracted
vipkeylogger
Targets
Target: Halkbank_Ekstre_22…93.25.09.24.pdf.exe
Size: 692KB
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
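The behaviours listed above (Defender exclusions added through PowerShell, an external IP lookup) and the FTP exfiltration host extracted under Malware Config give a SOC enough to write detections. The following is an added example, not code from the sandbox or from the report: it runs three checks over constructed sample log lines. The log line layouts, the list of IP-lookup hosts and the rule names are assumptions for the example; only the host and port come from the extracted config (the credentials are intentionally not reused).

```python
"""Detection logic for behaviours listed in this report, run over constructed
sample log lines (not data from the original analysis)."""
import re
from dataclasses import dataclass

# Exfiltration endpoint from the report's extracted config (host and port only).
EXFIL_HOST = "awaratrendz.com"
EXFIL_PORT = 21

# Services stealers commonly query for the victim's public IP.
# Assumed for this example; the report does not name the service used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ipinfo.io", "icanhazip.com"}

# Add-MpPreference / Set-MpPreference with any -Exclusion* parameter.
# PowerShell accepts unambiguous parameter prefixes (e.g. -ExclusionE), so match
# the prefix "-Exclusion" rather than only the full parameter names.
DEFENDER_EXCLUSION_RE = re.compile(
    r"\b(?:Add|Set)-MpPreference\b.*?-Exclusion\w*", re.IGNORECASE
)

# Constructed log layouts used by this example (one event per line):
#   "4104 ScriptBlock: <script text>"              PowerShell script-block log
#   "NET tcp <src>:<sport> -> <dst_host>:<dport>"  network connection record
#   "HTTP <METHOD> <url> UA=<user agent>"          web proxy record
SCRIPTBLOCK_RE = re.compile(r"^4104 ScriptBlock: (?P<script>.*)$")
NET_RE = re.compile(r"^NET tcp \S+ -> (?P<host>[^:\s]+):(?P<port>\d+)$")
HTTP_RE = re.compile(r"^HTTP (?P<method>[A-Z]+) (?P<url>\S+)")
URL_HOST_RE = re.compile(r"^https?://(?P<host>[^/:?#]+)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def check_defender_exclusion(line):
    """Defender exclusion tampering via PowerShell (Event ID 4104 script blocks)."""
    m = SCRIPTBLOCK_RE.match(line)
    if m and DEFENDER_EXCLUSION_RE.search(m.group("script")):
        return Finding("defender_exclusion_added", line)
    return None


def check_ftp_exfil(line):
    """Outbound FTP to the exfiltration host named in the extracted config."""
    m = NET_RE.match(line)
    if m and m.group("host").lower() == EXFIL_HOST and int(m.group("port")) == EXFIL_PORT:
        return Finding("ftp_exfil_to_c2", line)
    return None


def check_ip_lookup(line):
    """HTTP request to an external-IP lookup service."""
    m = HTTP_RE.match(line)
    if not m:
        return None
    h = URL_HOST_RE.match(m.group("url"))
    if h and h.group("host").lower() in IP_LOOKUP_HOSTS:
        return Finding("external_ip_lookup", line)
    return None


CHECKS = (check_defender_exclusion, check_ftp_exfil, check_ip_lookup)


def scan(lines):
    """Run every check over every line; return findings in log order."""
    findings = []
    for line in lines:
        for check in CHECKS:
            f = check(line)
            if f is not None:
                findings.append(f)
    return findings


# Constructed sample events: three hits and three benign lines.
SAMPLE_LOGS = [
    r"4104 ScriptBlock: Add-MpPreference -ExclusionExtension 'exe' -ExclusionPath 'C:\Users\Public' -ExclusionProcess 'svchost.exe'",
    r"4104 ScriptBlock: Get-ChildItem C:\Windows\Temp",
    "NET tcp 10.0.0.15:49812 -> awaratrendz.com:21",
    "NET tcp 10.0.0.15:49813 -> update.microsoft.com:443",
    "HTTP GET http://api.ipify.org/ UA=Mozilla/5.0",
    "HTTP GET https://www.bing.com/ UA=Mozilla/5.0",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS):
        print(f"[{f.rule}] {f.line}")
```

Each check is a pure function over one line, so the same rules can be dropped into a SIEM pipeline or run over an exported log file by replacing SAMPLE_LOGS with the file's lines; the Defender rule deliberately keys on the cmdlet plus the `-Exclusion` prefix rather than on a fixed command string, since the sample's exact command line is not reproduced in the report.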
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores (T1555): 1
  Credentials from Web Browsers (T1555.003): 1
Unsecured Credentials (T1552): 2
  Credentials In Files (T1552.001): 2