General
-
Target
Technonomic.exe
-
Size
759KB
-
Sample
241224-mghlfsvmb1
-
MD5
c174a412be6f74c3323ae8d6d4737086
-
SHA1
c703daa5df8c281206a8d85b582b8a1b729748f5
-
SHA256
bb71b94948e6929047bde8df94c187fbb6f2cc0119a0c386f84b9ea144aabd67
-
SHA512
9f2b95174fd1283964ea61e6dbe07c450ed0a01aad6b3852c43ef6811a92878f0f123dfbc1f88b2cf05479a94af098591bd579f3c3581521819f3b12d20dfa42
-
SSDEEP
12288:iDGZKmormA1bzZN13qv776npUyBsIpxBFmgI2uSb+zKikGOfj8UvbjSM+LLWwvpf:gmor/1/Z877oS8sEx/PI//zKNzpbNQLt
Static task
static1
Behavioral task
behavioral1
Sample
Technonomic.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Technonomic.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot8179583980:AAG4cdQWaAviOBBhSs3OrT1OX6_IUptNQv8/sendMessage?chat_id=6070006284
Targets
-
-
Target
Technonomic.exe
-
Size
759KB
-
MD5
c174a412be6f74c3323ae8d6d4737086
-
SHA1
c703daa5df8c281206a8d85b582b8a1b729748f5
-
SHA256
bb71b94948e6929047bde8df94c187fbb6f2cc0119a0c386f84b9ea144aabd67
-
SHA512
9f2b95174fd1283964ea61e6dbe07c450ed0a01aad6b3852c43ef6811a92878f0f123dfbc1f88b2cf05479a94af098591bd579f3c3581521819f3b12d20dfa42
-
SSDEEP
12288:iDGZKmormA1bzZN13qv776npUyBsIpxBFmgI2uSb+zKikGOfj8UvbjSM+LLWwvpf:gmor/1/Z877oS8sEx/PI//zKNzpbNQLt
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Blocklisted process makes network request
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
6KB
-
MD5
1b0e41f60564cccccd71347d01a7c397
-
SHA1
b1bddd97765e9c249ba239e9c95ab32368098e02
-
SHA256
13ebc725f3f236e1914fe5288ad6413798ad99bef38bfe9c8c898181238e8a10
-
SHA512
b6d7925cdff358992b2682cf1485227204ce3868c981c47778dd6da32057a595caa933d8242c8d7090b0c54110d45fa8f935a1b4eec1e318d89cc0e44b115785
-
SSDEEP
96:s7fhfKaGgchPzxK6bq+pKX6D8ZLidGgmkN838:UbGgGPzxeX6D8ZyGgmkN
Score3/10 -