General
Target: 23102024_1333_22102024_PAGO FRAS. AGOSTO 2024..rar
Size: 821KB
Sample: 241023-qt1vcavbqp
MD5: 7c0c32313ef42dfccabc44463d748f73
SHA1: e62e61c86aa36e8ed559d3a3580c4245e993152f
SHA256: 98a385cd6387d809e8b82d8634c542da05f43b977f5c0c57304df2ef725200fb
SHA512: 35ebcc0ed734d579d3b18a266fd7a34e3ce5607604e845274bfb2898b8ef8778a1b18034f34d27a73982d9dcb2a6316aaec0d7938648e3d24f05cb55f24d6c7e
SSDEEP: 12288:sk0eiMTI/uzNYJCbKx5IfEeNNN7RrLCcSsivedM0Qiu1YNt9tQlxdbK/y2TqwP6p:V0xMa1s65IfEeu9e23i2SEN4qs8v
Static task: static1
Behavioral task: behavioral1
  Sample: PAGO FRAS. AGOSTO 2024..exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: PAGO FRAS. AGOSTO 2024..exe
  Resource: win10v2004-20241007-en
Behavioral task: behavioral3
  Sample: Vesperkost.ps1
  Resource: win7-20241010-en
Behavioral task: behavioral4
  Sample: Vesperkost.ps1
  Resource: win10v2004-20241007-en
Malware Config
Extracted family: vipkeylogger
  Protocol: smtp
  Host: smtp.ionos.es
  Port: 587
  Username: [email protected]
  Password: Comercialplastico3.
  Email To: [email protected]
Targets
Target: PAGO FRAS. AGOSTO 2024..exe
Size: 900KB
MD5: d2bb55d90b4fe13d981297c8f452e810
SHA1: e35c73e93bef613a1aa1cb7707b8cde2489df897
SHA256: a286c68d65f2582414caf8229aeaba8365d7b84de92c5da4c39b7482136b5271
SHA512: 875819a87d64cee9a3d9f4e9afb84adca711d72d7b8a5b3837cd22abff017e57434b8a0de7502118e2a16aaada2d3ab4d89a3cc8db0207d22278ae6046ef4547
SSDEEP: 24576:obu96/xtr62ldmWFZD6lm7Pytae6/B1Gl:vC3tmKZgm7OjGB1Gl
Signatures:
  VIPKeylogger
    VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.
  Accesses Microsoft Outlook profiles
  Blocklisted process makes network request
  Legitimate hosting services abused for malware hosting/C2
  Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
  Suspicious use of NtCreateThreadExHideFromDebugger
  Suspicious use of NtSetInformationThreadHideFromDebugger
Target: Vesperkost.Ufo
Size: 53KB
MD5: e35283bacb62d15976b5841105b466a1
SHA1: 0203661c08ae261483cd9da1c21d7173f8ea329d
SHA256: d6a7990b9c733d4ba3b1b0d2e5e42dfa2253b22fe345f4870bf24686c516788d
SHA512: 9a0fbd409e74472330f6ec78e453af0825704d3d1f132657b6f8f32f738d51dc70a4124edade7c0fe3c6cc48c6774f8d822d4207d7e5f0879ae386df3e9521e6
SSDEEP: 1536:aU2++zktjXZ1gOBaa9pa5LXX4goZUxnIJu+OEK5Nl:BjJ1gf9Ln4rOxnp+O5Nl
Score: 8/10
Signatures:
  Boot or Logon Autostart Execution: Active Setup
    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.