General
Target: Payment Notification PDF.gz
Size: 623KB
Sample: 241211-p1s8eaxnhj
MD5: 2de05561f50467940647676a7df2288c
SHA1: 6f91cd9e113aac30b39025b5800a8bf162062afb
SHA256: 3330b83ea0de9f2bfcb0998c3ad3aedb416bb1b14868674efc5310591969210d
SHA512: 710048ecab85f44ad360509f71d3b6f8e05268bfa5d28518bece9c1445f963ad71525ad5867e0b17fa338bf5b37fa1347e9af7e56cb7454f29b758bcb857d890
SSDEEP: 12288:dKwl1zonUPELr0Ol1LETB+GK44mvu6j7gbmj3s1FlaTHpRkb:dj1zeEMQRl4gFgbmDsFgrc
Static task: static1

Behavioral task: behavioral1
Sample: Payment Notification PDF.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: Payment Notification PDF.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7735874420:AAHB5lmusBq4MdXRakEVmgMVQ6wUkxr5YLE/sendMessage?chat_id=2146433139
Targets
Target: Payment Notification PDF.exe
Size: 1.0MB
MD5: 80fb946e2d8d53ddf412d59d61bf83ab
SHA1: 8b7da84b92c61858eeb56410e05b208d885560e9
SHA256: 374b9a35bb8495f8de85a828224b6c1305ada58ca35d68798eb8e3ff9ec1d3a4
SHA512: ba245097cdfbf2c13e8e99bedf2d46e3e6190b337a0b015077005d2a17f813e19fa9c0feab47c9dea45b019c49e5a067cf382ab5a61d135d108dd89e0adcb2d2
SSDEEP: 24576:Uu6J33O0c+JY5UZ+XC0kGso6FaInRgdQUyWY:uu0c++OCvkGs9FaIaY
Score: 10/10

VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

Vipkeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext