General
Target: 0473ffcd0dbaddac6344a44a1ce59354f267e1f7c1db1b6eb670a48244e2c615
Size: 834KB
Sample: 241023-twld8azbpd
MD5: 0ccd84494dff71f3ee7267b53069c826
SHA1: 678aaceb8ec8ca08e39f30ca1061330935d7ca54
SHA256: 0473ffcd0dbaddac6344a44a1ce59354f267e1f7c1db1b6eb670a48244e2c615
SHA512: da46c9687291c1c0a729dc516cbeb6e8c1a76861ef3361d9233053f9d2f37450b81fc8ed5b02fcf8b09e52cb2970e1e2fcee98794e180c95398e7fb759360d19
SSDEEP: 24576:GaPv/3RuEwoxxppiCVs2oWfpVRRKKL3cU:G6v/BZxiCVs2RTRR1cU
Static task: static1

Behavioral task: behavioral1
Sample: RFQ NO - NÚMERO DO PEDIDO 106673.exe
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: RFQ NO - NÚMERO DO PEDIDO 106673.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted
Protocol: smtp
Host: mail.vvtrade.vn
Port: 587
Username: [email protected]
Password: qVyP6qyv6MQCmZJBRs4t

Extracted
vipkeylogger
Protocol: smtp
Host: mail.vvtrade.vn
Port: 587
Username: [email protected]
Password: qVyP6qyv6MQCmZJBRs4t
Email To: [email protected]
https://api.telegram.org/bot7323823089:AAFBRsTW94zIpSoDS8yfGsotlQLqF2I6TU0/sendMessage?chat_id=5013849544
Targets
Target: RFQ NO - NÚMERO DO PEDIDO 106673.exe
Size: 1.2MB
MD5: 9d1b974a38b19a833b69f2bfdc0688f8
SHA1: cbdf6cf01a69f8477cfc50d1cc1490457d28d7f3
SHA256: 7ff42bacf844ade960d12cf1df99ce36be17f18903d2188e8de6d410033acaf1
SHA512: 884c2fb4bd1d8b97fc153c0cc8dbcd0cf9d4eb5ed741fc2d1cd409735fe3f41e7382a7dc2ed21415753b4b5dd89ec7849ff0e21144ec988ed7c4b5e4e623cd41
SSDEEP: 24576:ffmMv6Ckr7Mny5QLSvogytmuL2T1101DTxGQ8X:f3v+7/5QLCItmce11KTcQ8X
Score: 10/10
- VIPKeylogger: VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext