General
Target: Remmitance for Invoice INV67537829 Payment.pdf.exe
Size: 856KB
Sample: 241021-q8zwlawenh
MD5: 86632775e2f5776bfce4c7e2df632903
SHA1: 921d772df60b49676ae2c512fcc15e86d33965ca
SHA256: e1f1e5970511d1bebefffb1d2da35cc65cd287d9c7be042c194fa8f8dce37cec
SHA512: e3169916e2144e9f64e2eafa13805c231713733fc213e5827f6d38af3ff47383eee819389e8df9265067f374e1f93432e5288175c9c6ba3d09721a67b58caeec
SSDEEP: 24576:/aApdWAzcP5hb7e79uU9Pq/33Grj+alCJmvulW6Nd0v6:ppd1cRN6pMS+m7mwMA6
Static task: static1
Behavioral task: behavioral1
  Sample: Remmitance for Invoice INV67537829 Payment.pdf.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: Remmitance for Invoice INV67537829 Payment.pdf.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: vipkeylogger
Protocol: smtp
Host: smtp.ionos.es
Port: 587
Username: [email protected]
Password: noVE@2879
Email To: [email protected]
Targets
Target: Remmitance for Invoice INV67537829 Payment.pdf.exe
Size: 856KB
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.
- Accesses Microsoft Outlook profiles
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger