General
Target: c9f7cbb4a9e4e0db0e717cd71d3b5e5162544866bc7c74cde42fb9240cf193db.exe
Size: 1.2MB
Sample: 241109-d6c8lawhql
MD5: cfd68f7d943d702ade1744a68308f0ca
SHA1: 7e7bb8ff7a01ace1cee4b93d087bfad75aaefa0c
SHA256: c9f7cbb4a9e4e0db0e717cd71d3b5e5162544866bc7c74cde42fb9240cf193db
SHA512: 9a198311992a149e0974d2187be2838a3ed969d284e0722e5a3ddb576c80f0d8eaed6b25683f10ffff8ccfb6bcfcc58ae4ce95747ce8c24e8100387f13f3b7e6
SSDEEP: 24576:voqqHmQ2mlKCS22++Gpk3C99ZwYAKImqcSb7CkSE9bXy2pf3zxFTB:voZmQ7N25Gpk3CqvTHcQC3E97xF3zTV
Static task: static1

Behavioral task: behavioral1
Sample: c9f7cbb4a9e4e0db0e717cd71d3b5e5162544866bc7c74cde42fb9240cf193db.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: c9f7cbb4a9e4e0db0e717cd71d3b5e5162544866bc7c74cde42fb9240cf193db.exe
Resource: win10v2004-20241007-en

Behavioral task: behavioral3
Sample: Fiskerettens.ps1
Resource: win7-20240903-en

Behavioral task: behavioral4
Sample: Fiskerettens.ps1
Resource: win10v2004-20241007-en
Malware Config
Extracted: vipkeylogger
Protocol: smtp
Host: smtp.ionos.es
Port: 587
Username: [email protected]
Password: Comercialplastico3.
Email To: [email protected]
Targets

Target: c9f7cbb4a9e4e0db0e717cd71d3b5e5162544866bc7c74cde42fb9240cf193db.exe
Size: 1.2MB
MD5: cfd68f7d943d702ade1744a68308f0ca
SHA1: 7e7bb8ff7a01ace1cee4b93d087bfad75aaefa0c
SHA256: c9f7cbb4a9e4e0db0e717cd71d3b5e5162544866bc7c74cde42fb9240cf193db
SHA512: 9a198311992a149e0974d2187be2838a3ed969d284e0722e5a3ddb576c80f0d8eaed6b25683f10ffff8ccfb6bcfcc58ae4ce95747ce8c24e8100387f13f3b7e6
SSDEEP: 24576:voqqHmQ2mlKCS22++Gpk3C99ZwYAKImqcSb7CkSE9bXy2pf3zxFTB:voZmQ7N25Gpk3CqvTHcQC3E97xF3zTV
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.
- Vipkeylogger family
- Accesses Microsoft Outlook profiles
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: Fiskerettens.udk
Size: 52KB
MD5: faf341db23ab218989520cdb488bd287
SHA1: dea8d00a028dbf3db1e4dc43c78f4953146a5512
SHA256: 31986b7f9a99a42e3d59c24fa9a3530f7436f99ed3c7651f04debd3f62c44a89
SHA512: 99bdfe35735c579102859774c3bd0809858d9628b3691ad4a9955016822139fe96f1921eed5d7dc57350faf6fbb4ba4f820278b04bb22ff88dcfefa2909da79f
SSDEEP: 1536:We4ji4ZMCyENUaKEqfmM8PTjcHrhIU8Nmp42:8nR3KhmZLjcHOXYH
Score: 8/10
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.