General
-
Target
01. GLOBAL ORIOLE.pdf.exe
-
Size
1.2MB
-
Sample
240925-x37sksweqc
-
MD5
619ee4eec9d7d2ffb4d779d98543fc7a
-
SHA1
03c441a6bcaaf5e1b24b1ab46753b1e9141f2750
-
SHA256
8308fec5f677fc6493f751e441d55481223b1bd2e759e0fce9f85b90429920c6
-
SHA512
ba896872d9b633a0a1cf5daf558426712fc0a703b5d6997ec9192dd30f56fde053a9308818130def05e7db201f1ae9516896ac7f918ce413a7f9815c7f5a7c96
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaClyDVRs+QIPjcSCJGBOeNFO:7JZoQrbTFZY1iaCUP77cU5k
Static task
static1
Behavioral task
behavioral1
Sample
01. GLOBAL ORIOLE.pdf.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
01. GLOBAL ORIOLE.pdf.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
Protocol: ftp- Host:
ftp.r011.com.br - Port:
21 - Username:
[email protected] - Password:
akP?=r0&YaA)
Extracted
vipkeylogger
Targets
-
-
Target
01. GLOBAL ORIOLE.pdf.exe
-
Size
1.2MB
-
MD5
619ee4eec9d7d2ffb4d779d98543fc7a
-
SHA1
03c441a6bcaaf5e1b24b1ab46753b1e9141f2750
-
SHA256
8308fec5f677fc6493f751e441d55481223b1bd2e759e0fce9f85b90429920c6
-
SHA512
ba896872d9b633a0a1cf5daf558426712fc0a703b5d6997ec9192dd30f56fde053a9308818130def05e7db201f1ae9516896ac7f918ce413a7f9815c7f5a7c96
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaClyDVRs+QIPjcSCJGBOeNFO:7JZoQrbTFZY1iaCUP77cU5k
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-