General
Target: FACTURARAGOZA.exe
Size: 840KB
Sample: 241021-lbnpvayamd
MD5: 8b7d3863a10666b5b4fca4230c413755
SHA1: 1125d82c42bb40664961ee5b57d29da65cd300b0
SHA256: 7c4a22d1264cf34a71cce344a1a5e38bbe50ab5bf7bd560d98e04759c1bd6029
SHA512: 16cb86bc69971e7b97a229f7d4ba7abd33d1eea721980f794c8472dd549b263758dbcd68a3b9269fefe255560dc820612ad9ee819aaab692b12073c93ad7b5a9
SSDEEP: 12288:l98Xpcv5nBOae+1lEPE5PyZHIETeVlCE7vkQymGwSW01hXqvjoaCi7lnsZz0mas:/Mp0OzolUHI+alCJmvulW6Nd0vs
Tasks
- Static task static1
- Behavioral task behavioral1: sample FACTURARAGOZA.exe, resource win7-20241010-en
- Behavioral task behavioral2: sample FACTURARAGOZA.exe, resource win10v2004-20241007-en
- Behavioral task behavioral3: sample Eeriness.ps1, resource win7-20241010-en
- Behavioral task behavioral4: sample Eeriness.ps1, resource win10v2004-20241007-en
Malware Config
Extracted: vipkeylogger
Protocol: smtp
Host: smtp.ionos.fr
Port: 587
Username: [email protected]
Password: HSBcargo_22
Email To: [email protected]
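The extracted configuration is the actionable part of this report: it names the channel the stealer uses to mail stolen data out (SMTP to smtp.ionos.fr on port 587 with a hard-coded account). The Python below is an added example, not code from the Triage report or from the malware, that parses a configuration block in the flattened "Key: value - Key: value" form shown on this page into a dictionary, derives the network indicator from it, and matches a list of observed outbound connections against that indicator. The e-mail addresses are reproduced exactly as the page shows them (redacted to [email protected]); the connection records in the usage section are constructed for the demonstration.

```python
import re
from typing import Dict, List, Tuple

# Config block copied verbatim from the report, line breaks as extracted.
RAW_CONFIG = """Protocol: smtp- Host:
smtp.ionos.fr - Port:
587 - Username:
[email protected] - Password:
HSBcargo_22 - Email To:
[email protected]"""

# "Key: value" pairs separated by " - ". Keys start with a capital letter and
# may contain a space ("Email To"); a value ends where the next " - Key:" starts.
_PAIR = re.compile(r"([A-Z][A-Za-z ]*?):\s*(.*?)(?=\s*-\s+[A-Z][A-Za-z ]*:|$)")


def parse_config(raw: str) -> Dict[str, str]:
    """Parse a flattened Triage-style config block into a key/value dict."""
    joined = " ".join(line.strip() for line in raw.splitlines())
    return {key.strip(): value.strip() for key, value in _PAIR.findall(joined)}


def network_ioc(cfg: Dict[str, str]) -> Tuple[str, str, int]:
    """Return (protocol, host, port) of the exfiltration endpoint."""
    return cfg["Protocol"].lower(), cfg["Host"].lower(), int(cfg["Port"])


def match_connections(cfg: Dict[str, str], connections: List[dict]) -> List[dict]:
    """Flag connection records whose destination matches the extracted config.

    Each record carries process, dst_host and dst_port, plus an optional
    auth_user (the SMTP AUTH login name, if the capture decoded it).
    """
    proto, host, port = network_ioc(cfg)
    hits = []
    for conn in connections:
        if conn["dst_host"].lower() == host and conn["dst_port"] == port:
            reason = f"destination matches extracted {proto} exfil endpoint"
            user = conn.get("auth_user")
            if user and user.lower() == cfg["Username"].lower():
                reason += "; SMTP AUTH user matches extracted credential"
            hits.append({**conn, "reason": reason})
    return hits


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print("exfil endpoint:", network_ioc(cfg))
    # Constructed connection log, not taken from the sandbox run.
    observed = [
        {"process": "FACTURARAGOZA.exe", "dst_host": "SMTP.ionos.fr", "dst_port": 587},
        {"process": "outlook.exe", "dst_host": "smtp.office365.com", "dst_port": 587},
    ]
    for hit in match_connections(cfg, observed):
        print(hit["process"], "->", hit["dst_host"], hit["reason"])
```

Matching on host and port is deliberately loose: smtp.ionos.fr is a legitimate shared mail server, so a hit from a process that is not a mail client (here the sample itself) is the signal, and the AUTH user check only strengthens it where the session was captured before STARTTLS.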
Targets

Target: FACTURARAGOZA.exe
Size: 840KB
MD5: 8b7d3863a10666b5b4fca4230c413755
SHA1: 1125d82c42bb40664961ee5b57d29da65cd300b0
SHA256: 7c4a22d1264cf34a71cce344a1a5e38bbe50ab5bf7bd560d98e04759c1bd6029
SHA512: 16cb86bc69971e7b97a229f7d4ba7abd33d1eea721980f794c8472dd549b263758dbcd68a3b9269fefe255560dc820612ad9ee819aaab692b12073c93ad7b5a9
SSDEEP: 12288:l98Xpcv5nBOae+1lEPE5PyZHIETeVlCE7vkQymGwSW01hXqvjoaCi7lnsZz0mas:/Mp0OzolUHI+alCJmvulW6Nd0vs
- VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it closely resembles SnakeKeylogger, which first appeared in 2020.
- Accesses Microsoft Outlook profiles
Reads the Outlook account profiles stored in the registry, where mail server settings and saved credentials live.
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
Creates a thread with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER flag, so an attached debugger receives no events for that thread; an anti-analysis technique.
- Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with the ThreadHideFromDebugger information class to hide an already running thread from a debugger; once set it cannot be cleared.
Target: Eeriness.Jen
Size: 52KB
MD5: e2e26c97990da8cb9c55ee8c58b978b7
SHA1: 234394c3b09003f750f25fca64fa913af426e2b0
SHA256: e0811f5bd681f1d6f459bff5a17d9eca6c0eb20d715b6b0d2226f716a27716df
SHA512: 00884ccbddc2236d90029fa120b500ca2253574b00621bf74d41d04b89337f54a253837d477b7bb0f5d99c58e6a16e53c4bf5a2f5ca75ae345df5feaef25c5a2
SSDEEP: 768:uZO8t25IA76eZYpd1LpO8b9a8TkKBorle3uAKAF9ptPwejG4HdjdeZi3JV8dUYM6:VEjiYlO09/zYeV7zPG49jdBcB
Score: 8/10
- Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine. A component key under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components carries a StubPath command that Windows runs once for each user at their next logon (whenever the matching HKCU entry is missing or has a lower Version), so the stub executes in the context of every user who signs in.
- Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
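Because Active Setup entries are rarely inspected and stock Windows installs ship with a handful of legitimate ones, a useful response step is to audit every StubPath on the host and flag the ones that launch a script host or run from a user-writable directory. The Python below is an added example, not part of this report or of the sample, that implements that audit. The two registry entries in SAMPLE_ENTRIES are constructed: one is modelled on a stock Windows component, the other is a hypothetical malicious stub launching a PowerShell script from AppData, and neither is taken from this sample's actual behaviour. load_from_registry reads the live keys with the standard library winreg module and is only usable on Windows.

```python
import re
from typing import Dict, List

# Both views of the Active Setup component list on a 64-bit host.
ACTIVE_SETUP_KEYS = (
    r"SOFTWARE\Microsoft\Active Setup\Installed Components",
    r"SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components",
)

# Interpreters and living-off-the-land binaries that do not belong in a StubPath.
SCRIPT_HOSTS = ("powershell", "pwsh", "wscript", "cscript", "mshta",
                "cmd.exe", "rundll32", "regsvr32", "certutil")

# Locations a standard user can write to. A stub here survives without
# admin rights once the HKLM key exists.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\",
                 "%appdata%", "%localappdata%", "%temp%")


def audit_entry(component: str, values: Dict[str, str]) -> List[str]:
    """Return the reasons one component looks suspicious (empty list if none)."""
    stub = str(values.get("StubPath", "")).strip()
    if not stub:
        return []
    low = stub.lower()
    reasons = []
    if any(host in low for host in SCRIPT_HOSTS):
        reasons.append("StubPath launches a script host or LOLBin")
    if any(loc in low for loc in USER_WRITABLE):
        reasons.append("StubPath runs from a user-writable location")
    if "-enc" in low or "frombase64string" in low:
        reasons.append("StubPath carries an encoded PowerShell command")
    # Stock entries are GUID-named (some prefixed with ">"); anything else is unusual.
    if not re.fullmatch(r">?\{[0-9A-Fa-f-]{36}\}", component.rsplit("\\", 1)[-1]):
        reasons.append("component name is not a GUID")
    return reasons


def audit_active_setup(entries: Dict[str, Dict[str, str]]) -> Dict[str, List[str]]:
    """Map component name to its reasons, for every component that trips a check."""
    findings = {}
    for name, values in entries.items():
        reasons = audit_entry(name, values)
        if reasons:
            findings[name] = reasons
    return findings


def load_from_registry() -> Dict[str, Dict[str, str]]:
    """Read StubPath/Version/IsInstalled for every component from the live registry."""
    import winreg  # imported here so the module still loads on non-Windows hosts
    entries: Dict[str, Dict[str, str]] = {}
    for path in ACTIVE_SETUP_KEYS:
        try:
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path)
        except OSError:
            continue
        with root:
            index = 0
            while True:
                try:
                    name = winreg.EnumKey(root, index)
                except OSError:
                    break
                index += 1
                values: Dict[str, str] = {}
                with winreg.OpenKey(root, name) as sub:
                    for vname in ("StubPath", "Version", "IsInstalled"):
                        try:
                            values[vname] = winreg.QueryValueEx(sub, vname)[0]
                        except OSError:
                            pass
                entries[f"{path}\\{name}"] = values
    return entries


# Constructed sample data (not from this report): one stock-looking component
# and one hypothetical malicious stub.
SAMPLE_ENTRIES = {
    "{89820200-ECBD-11cf-8B85-00AA005B4383}": {
        "StubPath": "C:\\Windows\\System32\\ie4uinit.exe -UserConfig",
        "Version": "11,0,19041,1",
    },
    "{0A1B2C3D-0000-4000-8000-000000000001}": {
        "StubPath": "powershell.exe -w hidden -ep bypass -File "
                    "C:\\Users\\victim\\AppData\\Roaming\\update.ps1",
        "Version": "1,0,0,0",
    },
}

if __name__ == "__main__":
    for name, reasons in audit_active_setup(SAMPLE_ENTRIES).items():
        print(name, "->", "; ".join(reasons))
```

On a live host, replace SAMPLE_ENTRIES with load_from_registry() and also compare each component against the user's own HKCU\Software\Microsoft\Active Setup\Installed Components copy: a component present in HKLM but absent under HKCU has not yet fired for that user, which is exactly the state a freshly dropped stub is in.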