General
-
Target
z6Ordende97001_pfd.exe
-
Size
592KB
-
Sample
241205-ztvg1ayjgk
-
MD5
4550742cb926aba24680aade09e087a9
-
SHA1
40964277d25bac2f8f21d5abe4a22c9bd18fd6b8
-
SHA256
adcff46a96c196f652df836870b30477de986a6c8b744c51e5617f96b069a882
-
SHA512
8a4bdb04b27da05ef13ac72869f91a3de8aa55ba31959de8951c5789ed66f2efbe15bb2f2f3a4744e688c9375c8212d375f8b54ecd8639a5ace6b64f9b2bb1a7
-
SSDEEP
12288:wlvLevPRvZgjtlf9hnpeQ72KRRk0FPRke5tl4gVttvfqPU4gM7+jof:wlTexWlh0Qa2pIe5pfqsfEf
Static task
static1
Behavioral task
behavioral1
Sample
z6Ordende97001_pfd.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
z6Ordende97001_pfd.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.besemglda.com - Port:
587 - Username:
[email protected] - Password:
Lovelove@123
Extracted
vipkeylogger
Targets
-
-
Target
z6Ordende97001_pfd.exe
-
Size
592KB
-
MD5
4550742cb926aba24680aade09e087a9
-
SHA1
40964277d25bac2f8f21d5abe4a22c9bd18fd6b8
-
SHA256
adcff46a96c196f652df836870b30477de986a6c8b744c51e5617f96b069a882
-
SHA512
8a4bdb04b27da05ef13ac72869f91a3de8aa55ba31959de8951c5789ed66f2efbe15bb2f2f3a4744e688c9375c8212d375f8b54ecd8639a5ace6b64f9b2bb1a7
-
SSDEEP
12288:wlvLevPRvZgjtlf9hnpeQ72KRRk0FPRke5tl4gVttvfqPU4gM7+jof:wlTexWlh0Qa2pIe5pfqsfEf
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-