General
- Target: 23122024_0134_PAYMENT RECEIPT_pdf.cmd.zip
- Size: 312KB
- Sample: 241223-bzbebatkhz
- MD5: 72608777a8fa21003c23437af1c7983b
- SHA1: 51634e2a12f7106672d6e7fc11417623494cb679
- SHA256: 79492cddbfcf0464ed14297447454ccb548db37ecd084477b7a76fa5a7a7ec35
- SHA512: a947a7ceacefd5f191de9157c809bcf8e0ab323ff56d4f30f80433aed749ef65511beb098aa7f00245924bde7f466877f99c4ce8dfc1bb8b5cd8a4d26c79b031
- SSDEEP: 6144:BjGFtBQ/e8WzR114pc6kIh9HdoRNRu4gPo6Pvm:BIBQ/zWzR1+zkI3HdoRDu4gPo6Pu
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: PAYMENT RECEIPT_pdf.exe
  - Resource: win7-20241010-en
- Behavioral task: behavioral2
  - Sample: PAYMENT RECEIPT_pdf.exe
  - Resource: win10v2004-20241007-en
Malware Config
- Extracted: vipkeylogger
  - Protocol: smtp
  - Host: jhxkgroup.online
  - Port: 587
  - Username: [email protected]
  - Password: 7213575aceACE@
  - Email To: [email protected]
Targets
- Target: PAYMENT RECEIPT_pdf.cmd
  - Size: 472KB
  - MD5: 6777212486b6ff2da8284ca567e8787b
  - SHA1: 7cf028ad1ccd53c81e9b1596f240115d886ab410
  - SHA256: c8a51f63236d6bd55b39a715498e6bf36f9095ebcb9d882eb7837853162244e8
  - SHA512: 8dd911a32596ff329e92f99681bf098f73decd0c0e536391f6d027481eac4695bfbdb6d45aa73dcb204f83bc2f9ec2a13d1ae8a878d510e525188db4738142e9
  - SSDEEP: 12288:uVniZ8bCOWuvgsIhHdPKgxi5+FhPWs8jyFe2:uBiUcsunhPlFe
Signatures
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.
- Vipkeylogger family
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext