General
-
Target
FinalDraftDocument.exe
-
Size
488KB
-
Sample
241002-y3le1svcjj
-
MD5
809e7ea49edaf85cb1d5bd558e5c5193
-
SHA1
0eccd79c5a83552cfdbb869bf800946b07373203
-
SHA256
9b6a9353b8f6dd2125d0b15d32724606744990de68541d8714153935e7f69a2a
-
SHA512
4e18195b6a226bf6e427ecc8bbf9bed6fe4075411b9d26971510222fa8fd39778cac8dd85fc58c22dca1012d2e6bd10f09eec69983e99d43c890bd2a52cde58f
-
SSDEEP
12288:jrvWGrvWvrvWZrvWb2BKMAKtWjg8lNqOi/GUr:jLWGLWvLWZLWqQHjlNqbrr
Static task
static1
Behavioral task
behavioral1
Sample
FinalDraftDocument.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
FinalDraftDocument.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot8077340278:AAH_Kxl1wfWRxGS3WgpXXx6UyRcTAMq6dmU/sendMessage?chat_id=5325450360
Targets
-
Target
FinalDraftDocument.exe
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-