General
-
Target
Settlement_Payment_Advise_pdf.exe
-
Size
815KB
-
Sample
241002-qq7tgsybnq
-
MD5
f301fd124e4a1e98a0940a6897174c9d
-
SHA1
b7524db5c28cf5174272ed230c620c6b1120b04d
-
SHA256
d7b641d0151a05ea88a81ce63ba1f8dec700c584203b3978daa4e143af7bfac4
-
SHA512
8228ed551aa5d9f86c417cdbd19c1a3facb2bd545367c1db5b07b7048acdba6ed8b664ea70f7686e127a457f1c66ff7f188a2f0c1ae45e45e1033d6c9da03566
-
SSDEEP
24576:PVTcsrgw74/EeWZAULhyeT7W2Gnm3Tw2a:PVcOgDslBVS2Gnm3THa
Static task
static1
Behavioral task
behavioral1
Sample
Settlement_Payment_Advise_pdf.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Settlement_Payment_Advise_pdf.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: mail.terrazza.hr
Port: 587
Username: [email protected]
Password: Vodenjak123!
Email To: [email protected]
Targets
-
Target
Settlement_Payment_Advise_pdf.exe
-
Size
815KB
-
MD5
f301fd124e4a1e98a0940a6897174c9d
-
SHA1
b7524db5c28cf5174272ed230c620c6b1120b04d
-
SHA256
d7b641d0151a05ea88a81ce63ba1f8dec700c584203b3978daa4e143af7bfac4
-
SHA512
8228ed551aa5d9f86c417cdbd19c1a3facb2bd545367c1db5b07b7048acdba6ed8b664ea70f7686e127a457f1c66ff7f188a2f0c1ae45e45e1033d6c9da03566
-
SSDEEP
24576:PVTcsrgw74/EeWZAULhyeT7W2Gnm3Tw2a:PVcOgDslBVS2Gnm3THa
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.
-
Accesses Microsoft Outlook profiles
-
Blocklisted process makes network request
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-