General
Target: 500c7dd9a5251e454d29ee7ab696f2bcbd3540cbbb1a4529797e10e5426fd026
Size: 759KB
Sample: 240930-ty9jtsvelj
MD5: b8434a29b02795d1f470f3c7c2790045
SHA1: d71234cc2c04a6ec9b1c51d0fc2de7a215b6de9a
SHA256: 500c7dd9a5251e454d29ee7ab696f2bcbd3540cbbb1a4529797e10e5426fd026
SHA512: 96bbfcd878f7a855a76e6f1b7b5d0329357fa020d53f3084eb62f95fed5dc7e10c268e03490cd7f684b48b03289695948186bd19ca878cb7edb004a70f613f7f
SSDEEP: 12288:2AlFgDbtF+U+OsgjUDiU7ESQC6yYaiSzSzYO6fRtpe0wkZuK6po32/q3G4JZOptn:xwVkRtQC6yY+7R1Zg2G/q3TqlJ
Static task: static1

Behavioral task: behavioral1
Sample: Premium_Settlement_for_Oustanding_Dues_Settlement_pdf.exe
Resource: win7-20240729-en

Behavioral task: behavioral2
Sample: Premium_Settlement_for_Oustanding_Dues_Settlement_pdf.exe
Resource: win10v2004-20240802-en
Malware Config

Extracted
Protocol: smtp
Host: mail.terrazza.hr
Port: 587
Username: [email protected]
Password: Vodenjak123!

Extracted (family: vipkeylogger)
Protocol: smtp
Host: mail.terrazza.hr
Port: 587
Username: [email protected]
Password: Vodenjak123!
Email To: [email protected]
Targets

Target: Premium_Settlement_for_Oustanding_Dues_Settlement_pdf.exe
Size: 786KB
MD5: 085a88b82b13a3471ed6130311a9e6e0
SHA1: 03f8cd4a4d6f489c69c90dddf0fb38e21f7508ec
SHA256: e63da6759a84f90f8e0f9c87eb519f053b125378c9617170b37c5ab92a856036
SHA512: 5eee8c64d5a42febf089bb68ed4eb687941df3cb61165de60427c2be9e20281aee1d4a9c33c96006af2f458b1dd8ab23e3a7bade47e093f98b7e67d38c97f1f7
SSDEEP: 12288:iCVTcsOSgBDm70a7sSgC6yyagSzSzYO6rPtze0Uk7umqpo32nm3G4JxoZtW5:lVTcsrgw7vgC6yyKVPX7W2Gnm3Tw25
Signatures

- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.
- Accesses Microsoft Outlook profiles
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext