General
Target: 001_215_EA2047939_202410210815.exe
Size: 867KB
Sample: 241022-pmah5svcpe
MD5: 25da279ad7ee7cc3b8d3e5cd5aa4b5b2
SHA1: d1fc6cbe8d8cca235ed29de6b109a0cb951eb5f3
SHA256: 963d35a92ffdbbdd35c71fc392a73ce49e242ca1b80f94204ef714cc42bbf8d0
SHA512: db074cfe6c006f194b8b4ca983fb83a88229beb229504c8eba07140fe490974e90dfe75b66b9c4d81bd319fdaaccc822473064771b7ac8d333012859f139498e
SSDEEP: 12288:l9Zwb4/I1H06OdtVQuqilUSDFOIBETeVlCE7vkQymGwSW01hXqvjoaCi7lnsZz0W:/dPFtVtOIB+alCJmvulW6Nd0vu
Static task: static1
Behavioral task: behavioral1
  Sample: 001_215_EA2047939_202410210815.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: 001_215_EA2047939_202410210815.exe
  Resource: win10v2004-20241007-en
Behavioral task: behavioral3
  Sample: Kontokurantens.ps1
  Resource: win7-20240708-en
Behavioral task: behavioral4
  Sample: Kontokurantens.ps1
  Resource: win10v2004-20241007-en
Malware Config
Extracted: vipkeylogger
Protocol: smtp
Host: smtp.ionos.fr
Port: 587
Username: [email protected]
Password: Jc.2o3o@
Email To: [email protected]
Targets
Target: 001_215_EA2047939_202410210815.exe
Size: 867KB
MD5: 25da279ad7ee7cc3b8d3e5cd5aa4b5b2
SHA1: d1fc6cbe8d8cca235ed29de6b109a0cb951eb5f3
SHA256: 963d35a92ffdbbdd35c71fc392a73ce49e242ca1b80f94204ef714cc42bbf8d0
SHA512: db074cfe6c006f194b8b4ca983fb83a88229beb229504c8eba07140fe490974e90dfe75b66b9c4d81bd319fdaaccc822473064771b7ac8d333012859f139498e
SSDEEP: 12288:l9Zwb4/I1H06OdtVQuqilUSDFOIBETeVlCE7vkQymGwSW01hXqvjoaCi7lnsZz0W:/dPFtVtOIB+alCJmvulW6Nd0vu
Signatures
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
- Accesses Microsoft Outlook profiles
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: Kontokurantens.Unc
Size: 50KB
MD5: 8a4da8bab6993bc24f8ba89b1a5035ba
SHA1: 0266616ebaff76b9027bdf4a52742bbb6d7dbf90
SHA256: d19add8d848501931650d9c2f77d4519b15ffe2399a161dac88ea99c07f1b62d
SHA512: 1f604a65b0fb4543feab6eb9584aab3c47c5ebcabf251492c7be827e3c5d547f310ff05354bf30837fe8192be427c1855ec22783a0be14db15b40b1f05a13c50
SSDEEP: 1536:em3/0wJ5Bo29iuM2fkfAFr6+nw0JefyiwDs:/3/0EbiuRcot6Ocfyiwo
Score: 8/10
Signatures
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.