General
- Target: ce579346b070be66569b7b4906099f5256b9e3e8bfe78073a654bb83324bda53
- Size: 456KB
- Sample: 241212-k5czrs1qan
- MD5: 95927fb1e8a09af56471251316609c3e
- SHA1: 68261b0121625ff95bc564eab463059e50e18b0e
- SHA256: ce579346b070be66569b7b4906099f5256b9e3e8bfe78073a654bb83324bda53
- SHA512: 744a61f65243753acea76db3d562af71801900e065ca6669be05643087cb5f647f00fa5c4d8db8fd15f50b4687fc25baa1382dfc3e7a2add06471b54f14623e1
- SSDEEP: 12288:dS8GoY2QBXxlc+x8qmkj6ulTpZhXpMudlp4eEPTKuJTL:dxLmXxLv7XlNHtp4FKuJTL
Static task: static1
Behavioral task: behavioral1 (Sample: Payment.exe, Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: Payment.exe, Resource: win10v2004-20241007-en)
Malware Config
Extracted: asyncrat 0.5.8
- Default
- 69.174.100.131:6606
- abkZfsCYRZhk
- delay: 10
- install: false
- install_file: order.exe
- install_folder: %AppData%
Extracted: vipkeylogger
- https://api.telegram.org/bot7721085569:AAH1tkciy-nKykIEUNjOAUsItTcvNCVmFLo/sendMessage?chat_id=6236275763
Targets
- Target: Payment.exe
- Size: 940KB
- MD5: ad45a46cc2809a1244ba4a05b2411096
- SHA1: 873324976c33ea8870e5fd68a5913a924b2932ae
- SHA256: 1ca25ad8f6c161c67a4b78ab8aca6f8795210dfe17555d5448302d5054af3f0b
- SHA512: e5eb407686c3fae6d2c26c20b789aa6427ef86d64acc19a611fb8a4b0d23112ed194bebbb1837610579498e9ec0bdfdc4871cd986d011b4e2279e6c819900e26
- SSDEEP: 24576:fu6J33O0c+JY5UZ+XC0kGso6FaCSS4R1WY:pu0c++OCvkGs9FaCSSTY
Signatures
- Asyncrat family
- VIPKeylogger: VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.
- Vipkeylogger family
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext