Extracted

• • Target

    rPedidodeCota____o-20250325_pdf.exe

  • Size

    691KB

  • MD5

    8f54f3992cc7a3da06c8a617b5816419

  • SHA1

    a9e4a75e65b80860b3267a9883001617ca836d95

  • SHA256

    1f20d50f886138f94232c9b6b848163f5ed7edf4ed473c1507411b06b840debf

  • SHA512

    543aeceb7732758d063371538f9ef549b8542e7c586693c67b81840b57700f1500f359782d6c07ebb5222182c9c0d728ff39474e240fe0133851835c36c5b609

  • SSDEEP

    12288:mk+LIW771Zv4Wivvf+Nlv7c6YWRdxk4JzpnAwTIEUvKkwvqGMeys1c:SLjbv4WivvWNlvoMdm4JFAlMPmac

  Score

  10^/10

  discoveryexecutionvipkeyloggercollectionkeyloggerstealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Accesses Microsoft Outlook profiles

    collection

  • Blocklisted process makes network request

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtCreateThreadExHideFromDebugger

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2

• • Target

    Burrawang.Euo

  • Size

    50KB

  • MD5

    6d32d99c206a81fcfc06d7ed6225282d

  • SHA1

    f3740ea1acaa8452aa34a4dda3c1a6865881845c

  • SHA256

    d8602baba5af6700d20d5e2048fd527b3d84e4c5c78abb1b95f9abb20fee2c94

  • SHA512

    f430ed98550e4fdf4bd1905251ab0f81374c88b29d245a6c5fba7c1e9fd58d01b93467efd2e7813e7b37e76affdb985a24bdae715eb07f9215d77fd77253f22b

  • SSDEEP

    1536:HyMLcrTk2qMrlNQFNynfVkkyRDWSW1cZJI4:HZIXYnIkZWSW1K

  Score

  3^/10

  execution
  behavioral3behavioral4