General
Target: 831d910bffcfaebaea5b3ecd027acdef5c64ca9e5462b4b12f4f95abaf89d11b
Size: 817KB
Sample: 241022-tljsmsvhqm
MD5: b1d177673ab0aadf64481d3059d998d3
SHA1: 7090cfbde48e3be7f2758b423876257fc86e7244
SHA256: 831d910bffcfaebaea5b3ecd027acdef5c64ca9e5462b4b12f4f95abaf89d11b
SHA512: 626efd450e969c84d6bbc7d78ede5ba2d59b4ca6d041ec3c7ff7b3f12ebf482bec6d4c252208447d85a17ff221874ecfa940cc9286c6e30b73bb54533200a25b
SSDEEP: 24576:n/zkH7OtxXqzpQKhK1xlJi53XJCiPzzeJYlXtuPz:7kHexVWKDlJ2MiboDz
Static task: static1
Behavioral task: behavioral1
  Sample: Miljpaavirkningen.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: Miljpaavirkningen.exe
  Resource: win10v2004-20241007-en
Behavioral task: behavioral3
  Sample: Kreditnotaens/Plettes.ps1
  Resource: win7-20240729-en
Behavioral task: behavioral4
  Sample: Kreditnotaens/Plettes.ps1
  Resource: win10v2004-20241007-en
Malware Config
Extracted: vipkeylogger
  Protocol: smtp
  Host: smtp.ionos.es
  Port: 587
  Username: [email protected]
  Password: noVE@2879
  Email To: [email protected]
Targets

Target: Miljpaavirkningen.exe
Size: 895KB
MD5: 0327d3ca2373bdcfad29ae18a7554884
SHA1: 92ce0598c98f0ddc2ae136491f0e988ddcf29d49
SHA256: eb60de90ee98dcc76c344d75d96f2eb72bd4466a504f2668a660ec928abf07e1
SHA512: efdd810fab7b956116a99ba2d78e723474e14343c8cd5cde01ae8cb61a441aad14f516a151c530b42b7b8b1760405ca87c9415cbf53a541190c92e2250c751ee
SSDEEP: 12288:N5e/L/ujA9jjzAmiTs3QCXDzo3vKz/oByv268ODurlKRFP7Pytafm6wY8yujWX6d:abu0wmt43w/9268OD6lm7Pytae6/B1G5
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.
- Accesses Microsoft Outlook profiles
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: Kreditnotaens/Plettes.For
Size: 52KB
MD5: ce0a682e2db6ee3b12ff901dd3bb16d8
SHA1: d661a2f36066a9482a99c47c7773fc79161ea983
SHA256: f73707d437fa4b1c7350b2eaf02faff3752d2267faa038e789fc3253aa08ae5e
SHA512: 75acea1f522ca924304dbaf44ce5732d04fe746c985edf2fe90e4de1ab036940f5f3a2cf76a0e8338f23014a1226de91af8b9c4aecfdb537a489b003b314f7c7
SSDEEP: 1536:wSzp6zgtCnDFOdY4ARI0LEvoaxTs7BdGiyn:wGp6zgtCnZOzARpLLaxw7BdGiK
Score: 8/10
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.