General
-
Target
11122024_0100_Fizetés27794777_2024_pdf.exe.iso
-
Size
1.6MB
-
Sample
241211-bc4scasncq
-
MD5
09478902ed90a848a48814529a219dd1
-
SHA1
47812866ac4c0e3b2291976175ec43ca4cc00380
-
SHA256
e43c4489148ac5ae3bd8d71a78121d03225c222b26f58a8017260ebea5b1a851
-
SHA512
7b21ae75e8b51a274e947bdbb697fe422f9af45b1ffa38ecc1377c622c8f65b0b0cfbbb09f562fa317378759061666b600291830abcea08058860dd410536ed7
-
SSDEEP
24576:Ru6J33O0c+JY5UZ+XC0kGso6FaMfK9xH1g8FWY:Du0c++OCvkGs9FaMfK9xVUY
Static task
static1
Behavioral task
behavioral1
Sample
Fizetés27794777_2024_pdf.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Fizetés27794777_2024_pdf.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: mail.chata66.sk
Port: 25
Username: [email protected]
Password: bGf865RweX
Email To: [email protected]
Targets
-
Target
Fizetés27794777_2024_pdf.exe
-
Size
1016KB
-
MD5
60a3ebd74f95ca762c400b77a6356216
-
SHA1
0cb5d79033bc60f432400bc886ed90e71a5c89ae
-
SHA256
6867e4527b256c95fc4f907e3d978b3d005ee8cd068696668860e9115d831664
-
SHA512
29ea7a1b02ffd5acf2443889d60f303515caea9d093afc850d6e43fa3be87cf81fd5e858fcec35dde7d4d92fa158a0f96d1557a0fd4aea94a6782d608def6b26
-
SSDEEP
24576:Mu6J33O0c+JY5UZ+XC0kGso6FaMfK9xH1g8FWY:Wu0c++OCvkGs9FaMfK9xVUY
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-