General
-
Target
e8f788ca747a6d343b0289e30f70df5ca8776d89150ff282e8053662394e2008
-
Size
903KB
-
Sample
241001-af2xgsvhmf
-
MD5
64428c195e6ed9d1a46ad0025ff80247
-
SHA1
8fecce62f3361683ac34fec243a2ed8f970196df
-
SHA256
e8f788ca747a6d343b0289e30f70df5ca8776d89150ff282e8053662394e2008
-
SHA512
286f57ce1a508733d33ae8fe33e1ab2497675f83c9fac30f51c0ac485636e7be69cc8f06240c519192bdb773300d6366fb82ca15e21e518520d96eb36d6fb158
-
SSDEEP
24576:KlYhPmOBR/NhxATUWhO4wg1nLD4fnf/b9DGqL:RhPmeR1h+fhP1LD4frrL
Static task
static1
Behavioral task
behavioral1
Sample
doc 20241001899988qa900010.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
doc 20241001899988qa900010.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.akguneselektrik.com
Port: 21
Username: akgunes
Password: 9H5xQVGg
Extracted
vipkeylogger
Targets
-
-
Target
doc 20241001899988qa900010.exe
-
Size
1.2MB
-
MD5
dbefc107b604850b02d37c21d7a5b678
-
SHA1
42e0be115317e64cc5dd9afd83533719142a11a7
-
SHA256
0f104b87d9b6c55e9984d7fd7ba104aaf405a446d215e4d5187facd0b05ffd07
-
SHA512
925edec21c2d2d43011e8acf58b45f68a89a16e2acf516fe52fa39267ca000a0a5bae41bf89244f11f328646d0ae4c0a936ce1dce1cfcf252b2eb53449a98ee3
-
SSDEEP
24576:ffmMv6Ckr7Mny5QLLUuhg4Eg5nL/STnvpb9NsCF:f3v+7/5QLVhJ5L/STFlF
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-