General

Target: PAGO FRAS. AGOSTO 2024..exe
Size: 874KB
Sample: 241021-kyjhzazanm
MD5: 400ae56b0e2f429c20f563959042b2e9
SHA1: 383b18e2e55a4f7bea251cc82aec9cdae9f22fed
SHA256: 7e6de6e460ec2322a30dfeca3a723811d3ac15486fa2139a3454edbc7b1927df
SHA512: cb9df99342ba1b59461f14256790e40d82db0d989e496b1e7ee3baaeea29de464f307831cc43688261a8e55a067d8d5538efdd3185695518c70cc84a67c3a827
SSDEEP: 24576:/FxyAEp6l1UyqTxWBhc+alCJmvulW6Nd0va:3ykYxTxA2+m7mwMAa
Static task: static1

Behavioral task: behavioral1
  Sample: PAGO FRAS. AGOSTO 2024..exe
  Resource: win7-20240903-es

Behavioral task: behavioral2
  Sample: PAGO FRAS. AGOSTO 2024..exe
  Resource: win10v2004-20241007-es

Behavioral task: behavioral3
  Sample: Vandrerlav.ps1
  Resource: win7-20241010-es

Behavioral task: behavioral4
  Sample: Vandrerlav.ps1
  Resource: win10v2004-20241007-es
Malware Config

Extracted: vipkeylogger
Protocol: smtp
Host: smtp.ionos.es
Port: 587
Username: [email protected]
Password: Comercialplastico3.
Email To: [email protected]
Targets

Target: PAGO FRAS. AGOSTO 2024..exe
Size: 874KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above.
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.
- Accesses Microsoft Outlook profiles
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: Vandrerlav.syn
Size: 53KB
MD5: 49efaa361fa814ae9123a4402a61a0d1
SHA1: fb0d528bd5092db2edbf5cdfd170c4f99f95de3e
SHA256: f60736c8ae2a891dd30ed3139b9a809f6db0a8073e6407f9fd3ea05cee092d5d
SHA512: fff32029eeec0b5ff646941e636ac698220c1229eec0dc85060800da2f41382bb53537547d4a3bc7ae59d4ff68ae5fc71fe1fc5b50b89df12dbf4337dcd1350f
SSDEEP: 1536:rPamKP6L416FHUmCNBYsKvWubxxebyGOKYCpdvJd:rbKg7UmCHYxb2RvP
Score: 8/10

- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.