General
Target: MT Eagle Asia 1.zip
Size: 537KB
Sample: 241003-ncwg7axcjn
MD5: cc114da649d82388ed1d631691294d75
SHA1: adc912746a469a787cfdf58947aaa15f50e236a4
SHA256: 979c002bb98b733b97dcd04cbb6d4a6213555cd4c0dfcda451512b7891d90832
SHA512: 1a0e630deffad3b924d5bbdac690593134a92d2b0379749c4baa1cd4059057f9e1d3646816e28df3522ed4fd435804abaabb2cd34e50e4621a212c8a5eec8352
SSDEEP: 12288:yIvvkkDXQM0Sj0zC8iabG8/oGW+z4CdY9W7A3oeevL2YjUSkEA4rDSNw:BpAMXj0zviA7oEzLLM4eALxUS64KNw
Static task: static1
Behavioral task: behavioral1
Sample: MT Eagle Asia 1.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: MT Eagle Asia 1.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7682425803:AAHHoZD1_lffPXz0N6EaljeP4aAXgk0EI3k/sendMessage?chat_id=2135869667
Targets
Target: MT Eagle Asia 1.exe
Size: 1023KB
MD5: 5abd6361442edf2a48b887a5160ce0c4
SHA1: afb2e5346bbca875bea5c24fc89c8d3ecfa9ff53
SHA256: e89e8a35babc124eeb06c5ccd4920cc5be9d569cb58f97a8c7e624507c1c142d
SHA512: 43d69f26e24e80acd85a8d5460c6aae229ea9d88d860f259f99930675a50c1ee4b5c24c1345ed081dd84c3be568a50d7889bff76ccf2063e4ca453e2ee6b3277
SSDEEP: 24576:sl66HNUQq5cWT+X7iiclUZlkofGVdJDf+Uz2o:KqtlW/qJDfhz

VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext