General
Target: fdd89d3fbfaf8c4c44738c990e80089c.zip
Size: 20KB
Sample: 240926-bnjasaydjr
MD5: d36bcdc2fdc51f9a6a21badc1f1c2e54
SHA1: 505ee6add24a32965f2dc9b0fcd5250d213835d9
SHA256: d89462ef55d83dd28587ced515322c2785c72f7e78f1ab56450f6e5a66f7e96c
SHA512: 16f53770b9b8187b8d306ed9a547d4ed75f8f3c5cac8ecf8cbfe269aaff95d13be1233a06a2d3fd413baf998cd554789858e04bc430ce5dd91d73ed498a44f76
SSDEEP: 384:4yZsAoIdjlQWRizNNi4kMPbxyCAN1K/dQ+C2lnPkIci73lzBkHinIs:DToIdhQWRip1VbTv3Vn1VdIs
Behavioral task: behavioral1
Sample: fdd89d3fbfaf8c4c44738c990e80089c.pdf
Resource: win10v2004-20240910-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7204444211:AAHhCv47hRiqEWkkF-hzrMRRq69HpYbFD5Y/sendMessage?chat_id=2065242915
Targets
Target: fdd89d3fbfaf8c4c44738c990e80089c
Size: 24KB
MD5: fdd89d3fbfaf8c4c44738c990e80089c
SHA1: 6d13774bd3b635fea46531279cdd38eb3dce9ec2
SHA256: cccee5a2127e925eb3b338bdfc4644f785ce7db11e378435fa8828352be65fae
SHA512: 22d6c083dab36275ee0873a0eab254b802bbc54798978833689c1590a1236a351c865bebf6085c928064e52e96affddb63326b04d7010cefb4916078d463c65f
SSDEEP: 768:5Ab4CCU29fuh+0BIcmNk32ska+oH7586u:2b4DbJmIc9bo
Score: 10/10
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

Executes dropped EXE

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

AutoIT Executable
AutoIT scripts compiled to PE executables.

Suspicious use of SetThreadContext