General
Target: Remmitance for Invoice INV67537829 Payment.pdf.exe
Size: 856KB
Sample: 241021-c3xx6awdnl
MD5: 86632775e2f5776bfce4c7e2df632903
SHA1: 921d772df60b49676ae2c512fcc15e86d33965ca
SHA256: e1f1e5970511d1bebefffb1d2da35cc65cd287d9c7be042c194fa8f8dce37cec
SHA512: e3169916e2144e9f64e2eafa13805c231713733fc213e5827f6d38af3ff47383eee819389e8df9265067f374e1f93432e5288175c9c6ba3d09721a67b58caeec
SSDEEP: 24576:/aApdWAzcP5hb7e79uU9Pq/33Grj+alCJmvulW6Nd0v6:ppd1cRN6pMS+m7mwMA6
Static task: static1
Behavioral task: behavioral1
  Sample: Remmitance for Invoice INV67537829 Payment.pdf.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: Remmitance for Invoice INV67537829 Payment.pdf.exe
  Resource: win10v2004-20241007-en
Behavioral task: behavioral3
  Sample: Minerological.ps1
  Resource: win7-20240903-en
Behavioral task: behavioral4
  Sample: Minerological.ps1
  Resource: win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: smtp.ionos.es
Port: 587
Username: [email protected]
Password: noVE@2879
Email To: [email protected]
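The extracted config is the most actionable artifact on this page: the stealer ships its logs by authenticated SMTP submission to smtp.ionos.es on 587. The script below is an added hunting example for this report (not sandbox output and not the malware's own code). It joins Zeek-style dns.log and smtp.log records to find hosts that talked to the resolved mail server on the configured port, and separately flags any non-relay host sending mail to the internet at all, which keeps catching the family when the operator rotates the mailbox. The log lines, the 10.0.0.0/8 hosts, the 203.0.113.0/24 and 198.51.100.0/24 addresses and the relay list are all constructed assumptions for the example; mailbox names are redacted on the page, so matching is on host and port only.

```python
"""Hunt for the SMTP exfiltration channel named in the extracted config,
using Zeek-style dns.log and smtp.log records.

Added example for this report: not sandbox output, not malware code.
Host and port come from the extracted config; everything else (network
ranges, relay list, log records) is constructed for the example.
"""
import ipaddress

EXTRACTED_CONFIG = {"protocol": "smtp", "host": "smtp.ionos.es", "port": 587}

# Assumptions about the monitored network: which hosts may send mail
# directly, which ports count as mail submission, and what is "inside".
MAIL_RELAYS = {"10.0.0.25"}
SUBMISSION_PORTS = {25, 465, 587}
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_zeek(text):
    """Parse a tab-separated Zeek log into dicts keyed by its #fields header."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def _is_ip(s):
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False


def _is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def resolved_ips(dns_rows, hostname):
    """IPs that monitored hosts received in answers for `hostname`
    (Zeek's answers field is a comma-separated set, possibly with CNAMEs)."""
    ips = set()
    for r in dns_rows:
        if r["query"].lower() == hostname.lower() and r["answers"] != "-":
            ips.update(a for a in r["answers"].split(",") if _is_ip(a))
    return ips


def hunt(dns_text, smtp_text, config=EXTRACTED_CONFIG, relays=MAIL_RELAYS):
    """Return (src, verdict, detail) tuples. 'config-match': the host spoke
    to the resolved C2 mail server on the configured port. 'policy-violation':
    a non-relay host sent mail straight to the internet, whatever the target."""
    c2_ips = resolved_ips(parse_zeek(dns_text), config["host"])
    hits = []
    for r in parse_zeek(smtp_text):
        src, dst, dport = r["id.orig_h"], r["id.resp_h"], int(r["id.resp_p"])
        if dst in c2_ips and dport == config["port"]:
            hits.append((src, "config-match", f"{config['host']}:{dport}"))
        elif src not in relays and dport in SUBMISSION_PORTS and not _is_internal(dst):
            hits.append((src, "policy-violation", f"{dst}:{dport}"))
    return hits


# Constructed sample logs (not real traffic); tabs joined so the records
# have the shape Zeek writes.
DNS_LOG = "\n".join("\t".join(r) for r in [
    ("#fields", "ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "query", "answers"),
    ("1729500001.1", "C1", "10.0.0.77", "51000", "10.0.0.53", "53", "smtp.ionos.es", "smtp.ionos.es,203.0.113.10"),
    ("1729500005.0", "C2", "10.0.0.91", "51001", "10.0.0.53", "53", "www.example.com", "198.51.100.20"),
])
SMTP_LOG = "\n".join("\t".join(r) for r in [
    ("#fields", "ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "helo", "mailfrom", "rcptto"),
    ("1729500002.5", "C3", "10.0.0.77", "51002", "203.0.113.10", "587", "WIN-DESKTOP", "-", "-"),  # victim -> C2 mailbox
    ("1729500010.0", "C4", "10.0.0.25", "40000", "198.51.100.5", "25", "relay.example", "-", "-"),   # the real relay
    ("1729500020.0", "C5", "10.0.0.91", "52000", "198.51.100.9", "465", "WIN-LAPTOP", "-", "-"),     # unknown direct mail
    ("1729500030.0", "C6", "10.0.0.91", "52010", "10.0.0.25", "25", "WIN-LAPTOP", "-", "-"),        # normal: via relay
])

if __name__ == "__main__":
    for src, verdict, detail in hunt(DNS_LOG, SMTP_LOG):
        print(f"{src}\t{verdict}\t{detail}")
```

The DNS join matters because smtp.log only carries the responder IP; matching on the hostname string alone would miss the connection entirely. Run against a real dns.log and smtp.log pair from the time window of the incident, then pivot from each 'config-match' source host to its process tree.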
Targets
Target: Remmitance for Invoice INV67537829 Payment.pdf.exe
Size: 856KB
MD5: 86632775e2f5776bfce4c7e2df632903
SHA1: 921d772df60b49676ae2c512fcc15e86d33965ca
SHA256: e1f1e5970511d1bebefffb1d2da35cc65cd287d9c7be042c194fa8f8dce37cec
SHA512: e3169916e2144e9f64e2eafa13805c231713733fc213e5827f6d38af3ff47383eee819389e8df9265067f374e1f93432e5288175c9c6ba3d09721a67b58caeec
SSDEEP: 24576:/aApdWAzcP5hb7e79uU9Pq/33Grj+alCJmvulW6Nd0v6:ppd1cRN6pMS+m7mwMA6
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.
- Accesses Microsoft Outlook profiles
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: Minerological.Ane
Size: 52KB
MD5: 8825d00bcab0f9536304af576722fab8
SHA1: f931760c113be56731d6f5d8a0c46c5c45745e96
SHA256: 27c53caf883a115601f8cdb182d4edc4e029ec1d5c7fb3b932ec5adf4da03d77
SHA512: 2f49b3a74a2cc728693d17fbf4240a47ee4a21d0a982ac2c7f8925b614c8492cd4c1af5ed947da02786cbf3a49d46a6d98ffa3432932c3c3058e14d91176b034
SSDEEP: 1536:XrcSe7xScnP2uIunmT5judIz/sF6VgCv6ix88jXr8d0DIe:XNef8dj6UeA28JDIe
Score: 8/10
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key under Active Setup (HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components) on the local machine; the key's StubPath command runs at the next interactive logon of each user.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
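Active Setup is a quiet persistence location because each component's StubPath runs once per user at the next interactive logon, whenever that user's HKCU copy of the key is missing or carries an older Version; an entry with IsInstalled set to 0 never runs. The script below is an added triage example for this report (not sandbox output and not the sample's code): it parses a .reg export of the Installed Components key and flags entries whose stub is not an absolute path under Windows or Program Files, is a script interpreter or LOLBin, or references a user-writable location, while skipping disabled entries. The export is constructed: the first key has the shape of a stock ie4uinit.exe entry, the other two use hypothetical GUIDs and are not the key this sample wrote (the report does not disclose it). The safe roots, interpreter list and user-writable paths are assumptions to tune per environment.

```python
"""Triage Active Setup persistence from a .reg export of the
Installed Components key.

Added example for this report: not sandbox output, not the sample's code.
The export below is constructed; GUIDs other than the first are hypothetical.
"""
import re

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.+)$')
SAFE_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
INTERPRETERS = ("powershell", "pwsh", "cmd.exe", "wscript", "cscript", "mshta",
                "rundll32", "regsvr32", "msiexec")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")


def parse_reg(text):
    """Return {key_path: {value_name: value}} for REG_SZ and REG_DWORD values.
    In .reg syntax a doubled backslash is one backslash and backslash-quote is a quote."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, data = m.groups()
            if data.startswith('"') and data.endswith('"'):
                keys[current][name] = data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
            elif data.startswith("dword:"):
                keys[current][name] = int(data[6:], 16)
    return keys


def stub_executable(cmd):
    """The program part of a StubPath command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def triage(reg_text):
    """Flag Installed Components entries whose StubPath looks attacker-controlled.
    Returns [(component_guid, stubpath, [reasons])] for entries that will run."""
    findings = []
    for key, vals in parse_reg(reg_text).items():
        if "\\installed components\\" not in key.lower():
            continue
        stub = vals.get("StubPath", "")
        if not stub or vals.get("IsInstalled", 1) == 0:
            continue  # nothing to run, or explicitly disabled
        exe, low = stub_executable(stub).lower(), stub.lower()
        reasons = []
        if not exe.startswith(SAFE_ROOTS):
            reasons.append("stub is not an absolute path under Windows or Program Files")
        if any(i in exe for i in INTERPRETERS):
            reasons.append("stub is a script interpreter or LOLBin")
        if any(p in low for p in USER_WRITABLE):
            reasons.append("command references a user-writable location")
        if reasons:
            findings.append((key.rsplit("\\", 1)[1], stub, reasons))
    return findings


# Constructed export. Second and third GUIDs are hypothetical placeholders.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"StubPath"="C:\\Windows\\System32\\ie4uinit.exe -UserConfig"
"Version"="11,0,0,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000001}]
"StubPath"="powershell.exe -w hidden -ep bypass -f C:\\Users\\Public\\update.ps1"
"Version"="1,0,0,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000002}]
"StubPath"="C:\\Users\\Public\\legacy.exe"
"IsInstalled"=dword:00000000
"""

if __name__ == "__main__":
    for guid, stub, reasons in triage(SAMPLE_REG):
        print(guid, "->", stub)
        for r in reasons:
            print("   ", r)
```

Export the key with `reg export "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" active_setup.reg` on the host (or from the SOFTWARE hive of a disk image), then diff the flagged GUIDs against a clean build of the same Windows version before deleting anything; stock entries vary by feature set, so a missing-from-baseline check is the final word, not the heuristics alone.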