General
-
Target
a4956913217c76927966d7f96d647a087749705a1d45d17a11e19f2a707fd9e7
-
Size
886KB
-
Sample
241023-yw7dxazcnj
-
MD5
87b6b9152413a1494d2b76fd31ba9691
-
SHA1
dbd36c622142cd929deb87892a96b9331161f661
-
SHA256
a4956913217c76927966d7f96d647a087749705a1d45d17a11e19f2a707fd9e7
-
SHA512
98d4839a46c8aee23f08c60a2440827330458695f44ea9f0a429df5ca961acdf456a68244925b6802d4107e19d294e025b3d631db789d6c624f57b1b4a1a3f57
-
SSDEEP
24576:OVzql6BXY56sFN5aobDWJGiOFCLdi9hdTtcp14lZ0:OVq56uaoXWo3aehdT6kQ
Static task
static1
Behavioral task
behavioral1
Sample
justificante de pago.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
justificante de pago.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Fyldiges.ps1
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
Fyldiges.ps1
Resource
win10v2004-20241007-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.ionos.es
Port: 587
Username: [email protected]
Password: #BOYS_2019_ToNa#
Extracted
vipkeylogger
Protocol: smtp
Host: smtp.ionos.es
Port: 587
Username: [email protected]
Password: #BOYS_2019_ToNa#
Email To: [email protected]
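The extracted config gives the exfiltration channel: authenticated SMTP submission to smtp.ionos.es on 587. Because 587 normally upgrades to TLS via STARTTLS, the mail body is not inspectable on the wire; the durable detection is the connection itself, made by a process that should never speak SMTP. The following is an added example, not code from the sandbox or from the sample, that applies that logic to Sysmon Event ID 3 (NetworkConnect) records. The three records it runs on are constructed; the mail-client allowlist is an assumption to tune for your estate.

```powershell
# Added example (not part of the sandbox report): flag outbound SMTP from
# processes that have no business sending mail, and any connection to the
# host/port taken from the extracted VIPKeylogger config.

$ExfilHost = 'smtp.ionos.es'   # from the extracted config
$ExfilPort = 587               # from the extracted config
$SmtpPorts = 25, 465, 587
# Hypothetical allowlist of images expected to speak SMTP; tune per estate.
$MailClients = @('C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE')

function Find-SmtpExfil {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][object]$Event)
    process {
        $hits = @()
        if ($Event.DestinationHostname -eq $ExfilHost -and [int]$Event.DestinationPort -eq $ExfilPort) {
            $hits += 'matches extracted VIPKeylogger SMTP C2'
        }
        if ($SmtpPorts -contains [int]$Event.DestinationPort -and $MailClients -notcontains $Event.Image) {
            $hits += 'SMTP from non-mail-client process'
        }
        if ($hits) {
            [pscustomobject]@{
                Time   = $Event.UtcTime
                Image  = $Event.Image
                Dest   = "$($Event.DestinationHostname):$($Event.DestinationPort)"
                Reason = $hits -join '; '
            }
        }
    }
}

# Constructed sample records using the field names Sysmon EID 3 emits.
$sample = @(
    [pscustomobject]@{ UtcTime = '2024-10-23 08:01:02'; Image = 'C:\Users\victim\Desktop\justificante de pago.exe'; DestinationHostname = 'smtp.ionos.es'; DestinationPort = '587' }
    [pscustomobject]@{ UtcTime = '2024-10-23 08:01:05'; Image = 'C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE'; DestinationHostname = 'outlook.office365.com'; DestinationPort = '443' }
    [pscustomobject]@{ UtcTime = '2024-10-23 08:02:10'; Image = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'; DestinationHostname = 'mail.example.net'; DestinationPort = '465' }
)
$sample | Find-SmtpExfil | Format-Table -AutoSize

# Against a live Sysmon log, build the same records from the event XML
# (the Data element names below are Sysmon's own):
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 3 } |
#   ForEach-Object {
#       $x = [xml]$_.ToXml(); $d = @{}
#       $x.Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
#       [pscustomobject]$d
#   } | Find-SmtpExfil
```

On the sample data the first and third records are reported (the first on both rules, the third as PowerShell speaking SMTP), and the Outlook HTTPS connection is ignored. The mailbox password in the config is likely to be rotated by the operator; the host, port and sending-process anomaly are the indicators that keep working.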
Targets
-
-
Target
justificante de pago.exe
-
Size
990KB
-
MD5
d3c00b7eda8c538a2938610398e69a74
-
SHA1
cd93e03dc64c2064d0aa586e00a00f9c99ea36bc
-
SHA256
2e2dd6f6dd471723ad206f6b8f154f3a84aba592e2838942b5e35b4378522ef4
-
SHA512
719c03d1ded02334f1f74812f8e4a193f9028291eb190d4e241b4b34b055c6c7deef31bf33bea047a551ee14df35443a6cefe294907ac87b0918dade5f470837
-
SSDEEP
24576:J+63+OSOWAnNN591nNr8xAGuwIm/yWiopvC9wF:J+tOSqnNN591S/RaWi6MwF
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.
-
Accesses Microsoft Outlook profiles
-
Blocklisted process makes network request
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
Fyldiges.Tid
-
Size
53KB
-
MD5
dbe1380eb686fc84a3cd87ee84077382
-
SHA1
66a6b15521a3affc3d9b893554475078f41224a0
-
SHA256
b05d49191a62ec38497b0ae6378c984ac2013d6fec29b62d94299d88f5d5d279
-
SHA512
84987e2a263284df3d365caed6b549c93f23ad0982ffa7b8acfd21562c68ad1a2b198a47b2877e6ef4c4d679fe710cefa2df0de37a303a64838ac1b796d9335c
-
SSDEEP
1536:S5OtREySF0zWeeIsGsnhPqsw7XKIVoR9Fj:S5OtREyxWegnhPq3s9Z
Score: 8/10
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine (HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{GUID}); the command in that key's StubPath value is run once for each user at logon.
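Active Setup runs a component's StubPath at logon whenever HKCU\Software\Microsoft\Active Setup\Installed Components has no entry for that component (or an older Version), which is what makes a newly written GUID fire for every user who next logs on. The following audit is an added example, not the sandbox's or the sample's code: it walks both the native and Wow6432Node component lists, reports whether each StubPath is still pending for the current user, and flags commands that point at script hosts or user-writable directories. The registry paths and value names are the real Windows ones; the suspicious-pattern list is an assumption to tune, and the pending check is simplified to a Version mismatch.

```powershell
# Added example (not from the report): audit Active Setup persistence on a host.

$Hives = @(
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components'
)
$UserHive = 'HKCU:\Software\Microsoft\Active Setup\Installed Components'
# Heuristic patterns (assumption, tune per estate): script hosts / LOLBins and
# user-writable locations have no place in a vendor installer's StubPath.
$Suspicious = 'powershell', 'pwsh', 'wscript', 'cscript', 'mshta', 'rundll32', 'regsvr32', 'cmd.exe',
              '\Users\', '\AppData\', '\ProgramData\', '\Temp\', '\Public\'

function Get-ActiveSetupAudit {
    foreach ($hive in $Hives) {
        if (-not (Test-Path $hive)) { continue }
        foreach ($key in Get-ChildItem $hive) {
            $props = Get-ItemProperty $key.PSPath
            if (-not $props.StubPath) { continue }           # nothing to execute
            $userKey = Join-Path $UserHive $key.PSChildName
            $userVer = (Get-ItemProperty $userKey -ErrorAction SilentlyContinue).Version
            # Windows runs StubPath when the HKCU record is missing or its
            # Version is lower than HKLM's; a plain mismatch is used here.
            $pending = (-not $userVer) -or ([string]$userVer -ne [string]$props.Version)
            $flag = $Suspicious | Where-Object { $props.StubPath -like "*$_*" }
            [pscustomobject]@{
                Component  = $key.PSChildName
                Name       = $props.'(default)'
                Hive       = if ($hive -like '*Wow6432Node*') { 'HKLM (32-bit)' } else { 'HKLM' }
                Version    = $props.Version
                Enabled    = ($props.IsInstalled -ne 0)      # IsInstalled=0 disables the entry
                WillRun    = $pending
                StubPath   = $props.StubPath
                Suspicious = ($flag -join ',')
            }
        }
    }
}

Get-ActiveSetupAudit |
    Sort-Object -Property Suspicious -Descending |
    Format-List Component, Name, Hive, Enabled, WillRun, StubPath, Suspicious
```

Run it elevated so both HKLM views are readable. Entries whose Suspicious column is non-empty and WillRun is true are the ones to pull first; for a Windows host with a known-good baseline, diffing the Component list against that baseline is faster than reading every StubPath by hand.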
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-