General

Target: 964fae80e25035fbbc23798bbb5b1663162a33dd28fa5f66c3504e94fded60d8
Size: 706KB
Sample: 240930-xw7t1a1brq
MD5: 4eb38341247017691d875b722ced7ffc
SHA1: adb8e40431c1966cbedcfbdf2a0e1de3d50c18b1
SHA256: 964fae80e25035fbbc23798bbb5b1663162a33dd28fa5f66c3504e94fded60d8
SHA512: 364d5e3b911749cb6b0b221b08066098c3e82dd4057eee0dfeb9e662a21d5927117f619305c6789b134150f8e282cd5375d19827a24a0d72c0feed2bdcfd1600
SSDEEP: 12288:QeIewMShrAaidqVm0BwN0n1ss/ICzlTSBf5rWs+fwTkRFBfYmB/s2QkEoMymN:QfewMSex8I0O6Z/IOlTkCfwTuBfbB02i

Static task: static1

Behavioral task: behavioral1
Sample: invoice.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: invoice.exe
Resource: win10v2004-20240802-en

Malware Config

Extracted
vipkeylogger
Protocol: smtp
Host: foxwagon-equipment.com
Port: 587
Username: [email protected]
Password: SVBd8Gv^}!B1
Email To: [email protected]

Extracted
Protocol: smtp
Host: foxwagon-equipment.com
Port: 587
Username: [email protected]
Password: SVBd8Gv^}!B1

Targets

Target: invoice.exe
Size: 777KB
MD5: 69f5ec778e467c7d87f15b201c893816
SHA1: 4e2b63cce411847e95177765064b3fc03463590b
SHA256: a433aa981a5cbfd5fae678c523b088d034f61f57dcb61232fbaba73657867b36
SHA512: 8c31ed6c55abfb8d4e5ab9f8b39d05571a583322385a7fc28427f48326ec5e43e9c66c99748e0c53cbc98c904175ffa82aac5d539121c095dda06355b6b7890b
SSDEEP: 24576:vOGaAeBqAiwCZDOwl3UYfWFEBftBW2Zye:4LgAiTZDhlRWFEBVw2ZF

VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext