General
Target: 26092024_0016_25092024_638264-250924. PDF.IMG
Size: 1.8MB
Sample: 240926-akzb6awbqn
MD5: 00adf5e3d7f43a48df6bbd03e96b9975
SHA1: 23b8daf20ba2218bf60d62d3a94554d4f8d4deda
SHA256: 5a1240cedcbfd36aeed14e62aefb0aef0b1fc262cc2c86017d37b3690fe1564c
SHA512: 650468b2a62a7a59983f8727d9975bb785ac1ecea0a18ecc073baf1f0842727e4e234c650df0a8f5025a571d23da78b834fec3e351c4933ad304ddaab8db6ed2
SSDEEP: 24576:/RmJkcoQricOIQxiZY1iaG+1yg+hfOTeRs1KizY9Y3TMNag1w:UJZoQrbTFZY1iaG+1zS4KizYC3z9
Static task: static1
Behavioral task: behavioral1
Sample: 638264-250924,PDF.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 638264-250924,PDF.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: m1.wcloud.ro
Port: 587
Username: [email protected]
Password: dobden2020@
Email To: [email protected]
Targets
Target: 638264-250924,PDF.exe
Size: 1.2MB
MD5: 7a2586f54288a95dc01fca7aa8a3bf54
SHA1: ac4cd20889afaccac8794fa54f8beb945c0e3526
SHA256: c576d03129a4176c8efb8a20f88b9183a4b9503670592295a9aae8b64e9c98d8
SHA512: f742cfccdd0816f637e54084e38c6a373d9a87bcbb3007059ea10b067c41848ece12de791719ca2ed8759250bb0dedda2b5639b086083d8d21ee3671cf5b748f
SSDEEP: 24576:2RmJkcoQricOIQxiZY1iaG+1yg+hfOTeRs1KizY9Y3TMNag1wI:TJZoQrbTFZY1iaG+1zS4KizYC3z9I
Score: 10/10
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-