General
-
Target
Urgent inquiry for quotation.7z
-
Size
848KB
-
Sample
241003-xsveha1hml
-
MD5
5e202e2b5871f7736b33a177b6a51157
-
SHA1
25deda71a75b374782dacbbaf533ae1ac2786491
-
SHA256
d407f1a0854712d59ca48e524957781374828d86fab2b73305838235a9093b1a
-
SHA512
afcedf94ca5e6a8e0e90687d600d683fe50713dab572f9c7a81a4ff22030a6f7727d824328734ee375a07c8c97e7d9af51958a552e6a084312012dabf5865378
-
SSDEEP
24576:jaPv/3RMg41Bb4ACMnXT7/u4R5/a6Rq3abFf3Y5:j6v/BMT1LTRtdqKto5
Static task
static1
Behavioral task
behavioral1
Sample
Urgent inquiry for quotation.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
Urgent inquiry for quotation.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.vvtrade.vn - Port:
587 - Username:
[email protected] - Password:
qVyP6qyv6MQCmZJBRs4t - Email To:
[email protected]
https://api.telegram.org/bot7323823089:AAFBRsTW94zIpSoDS8yfGsotlQLqF2I6TU0/sendMessage?chat_id=5013849544
Targets
-
-
Target
Urgent inquiry for quotation.exe
-
Size
1.2MB
-
MD5
99f8afeaf690544887a8bfc9243f3c7f
-
SHA1
49ac8b9909d9c429530860e851a81f1262a5ce14
-
SHA256
cc4e80189451b050cc7bc90aa3fa787a4e3a50a0cc6f845fa68bdc849b1f5d14
-
SHA512
02b7f53d0430b172599f5449b78b83fe722fa5443e02e9b6b116a964d1cb008c5c0dd5d0909930f66c37bef6214bbb5d1c3f440ccb6e930f68462ba677d87e0a
-
SSDEEP
24576:ffmMv6Ckr7Mny5QLpJtGoBCZNyozGcuYViYxy7Y5b:f3v+7/5QLpJaZNKcoYxPB
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-