General
Target: 28092024_0817_27092024_SolicitarS COTIZACION para GP123874_ARTICULOS_xlsx.7z
Size: 819KB
Sample: 240928-j6w9cswaqn
MD5: f46b58da4e641bad19c3bc2711e4fc66
SHA1: fa6a9d100fc67b3e6d1637d7463c2a587e85dc45
SHA256: 5df8e7dff20e52cf94c6163a07e4cdbaf965701a061514f00ec3ddc65e505159
SHA512: 1397a4e2534ed3fc37a7280cf354172fc088ac8862ab525a8959b610fe5be19c75fe17487a65d5893ad619122e437e3a33f2274533ae28362c9274bd4af2f282
SSDEEP: 24576:PQw3n9Bjh7T5KkeYA6MWdX71tR2ie53IhhrsGkFM:Pz3n9BXKk3X33R2j5sh82
Static task: static1
Behavioral task: behavioral1
Sample: SolicitarS COTIZACION para GP123874_ARTICULOS_xlsx.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: SolicitarS COTIZACION para GP123874_ARTICULOS_xlsx.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
Targets
Target: SolicitarS COTIZACION para GP123874_ARTICULOS_xlsx.exe
Size: 1.1MB
MD5: 38da0124c1bd20393e168d2206dd9a8f
SHA1: 64f0696ad4d2de9700b3c628df48d8a7da034e72
SHA256: 9fc9962ad626a752e9e16f06d0c5aa2835f32c6a8369766b9e50b8bbdec719bb
SHA512: 7876a5ed1d25131690476492b48b5b21dfb45622b95e89600676fb40abd7e5e8eb9ba68d71a39e230493cbf462395654d8f7470cfdbadbc178c31fc72f38fed9
SSDEEP: 24576:pRmJkcoQricOIQxiZY1iaxj/oId791t1mCeB3IJhxsGkxl:mJZoQrbTFZY1iaxj/731mDBWhKj
Score: 10/10
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.

Drops startup file

Executes dropped EXE

Loads dropped DLL

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

AutoIT Executable
AutoIT scripts compiled to PE executables.

Suspicious use of SetThreadContext