General
Target: FACTURA DE PAGO.exe
Size: 859KB
Sample: 241021-k26gxaxfre
MD5: de02502f79bc183714a9dfe879831170
SHA1: c1fd975e0df663fd49e86ae1453d0ad3eccacea8
SHA256: 9e3ef4dbb2d13139c75e1cbf855114111e6378fc518b7666f972442134d06718
SHA512: c921e2e02ed0969ad66ae503e3cc83d0e2a3c3d6d43814c8b31c3b8606cde77e6f39c9a4b41088c0718b182a84dc29cae5f609dff872e98dcd00ef28c58b6415
SSDEEP: 12288:l9LVa31WR5y/seQ/33WcLvfLn/ETeVlCE7vkQymGwSW01hXqvjoaCi7lnsZz0maD:/D5y/+/vfD/+alCJmvulW6Nd0vD
Static task: static1

Behavioral task: behavioral1
Sample: FACTURA DE PAGO.exe
Resource: win7-20240903-es

Behavioral task: behavioral2
Sample: FACTURA DE PAGO.exe
Resource: win10v2004-20241007-es

Behavioral task: behavioral3
Sample: Udlaanslofterne/Incuss.ps1
Resource: win7-20240903-es

Behavioral task: behavioral4
Sample: Udlaanslofterne/Incuss.ps1
Resource: win10v2004-20241007-es
Malware Config
Extracted: vipkeylogger
Protocol: smtp
Host: smtp.ionos.fr
Port: 587
Username: [email protected]
Password: Rajahsouthfruits5
Email To: [email protected]
Targets

Target: FACTURA DE PAGO.exe
Size: 859KB
MD5: de02502f79bc183714a9dfe879831170
SHA1: c1fd975e0df663fd49e86ae1453d0ad3eccacea8
SHA256: 9e3ef4dbb2d13139c75e1cbf855114111e6378fc518b7666f972442134d06718
SHA512: c921e2e02ed0969ad66ae503e3cc83d0e2a3c3d6d43814c8b31c3b8606cde77e6f39c9a4b41088c0718b182a84dc29cae5f609dff872e98dcd00ef28c58b6415
SSDEEP: 12288:l9LVa31WR5y/seQ/33WcLvfLn/ETeVlCE7vkQymGwSW01hXqvjoaCi7lnsZz0maD:/D5y/+/vfD/+alCJmvulW6Nd0vD

Signatures
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
- Accesses Microsoft Outlook profiles
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: Udlaanslofterne/Incuss.Pen
Size: 52KB
MD5: f9bb610fdaf3e9fb1b4faa9ffddfab51
SHA1: b0858761694b149c52d79d915d24d6d8fe161d14
SHA256: 9aaa17344e82a1134ff2b6c6e1eee773f703fd9f110b9b58fdfb87824f5def78
SHA512: 34f0f7ce7e4cbeb1ce0b699cfc97e5f6619dcd238fba0d9b30645d4fbc4ad5d97149355703568484b5110c621acd8eb1a0fb748359d4473cd7bf4b85235def54
SSDEEP: 768:y8ydwJkymbROj2OT/UOomJZlXFpMI7k9D1Og/7wVKlMhVaPCQc2jVT:y8ycmd0DUOoGXFZKcg8OmVuD5
Score: 8/10

Signatures
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.