General
Target: 0082894fe6ad417b15fa85c6853915cbb6ced7ce45265fdad22c4118186e01f6
Size: 692KB
Sample: 250701-e8ckhs1sbs
MD5: 902b8afa581f6d9ac31960400d1415b7
SHA1: 93e5b7b508ddcb7baffc664b43e6dd408cfa3ca9
SHA256: 0082894fe6ad417b15fa85c6853915cbb6ced7ce45265fdad22c4118186e01f6
SHA512: 50f933aab8ca396f9215658660cdff62a914ad1bfa42f5e8194c86a8523fe94d9ff453e9d0187a9ac664d932003aef83076f283e71ea2e86b399f7eb34d3d847
SSDEEP: 12288:SMCvVVK8F/lE1fvr1J4tsVboSuzavk9ysBnC3JLlOUYxOJFc/qbfMiV:xCvfXE17v4aKcZgC3xk9EFAqd
Static task: static1
Behavioral task: behavioral1
  Sample: Official scanned copy of the Purchase Order.exe
  Resource: win10v2004-20250610-en
Behavioral task: behavioral2
  Sample: Official scanned copy of the Purchase Order.exe
  Resource: win11-20250619-en
Malware Config
Extracted
  Protocol: smtp
  Host: mail.aktagor-prom.by
  Port: 587
  Username: [email protected]
  Password: RC84pv9H2*F
Extracted (vipkeylogger)
  Protocol: smtp
  Host: mail.aktagor-prom.by
  Port: 587
  Username: [email protected]
  Password: RC84pv9H2*F
  Email To: [email protected]
Targets
Target: Official scanned copy of the Purchase Order.exe
Size: 763KB
MD5: 668d73ce07fae36076859ecfb9ee11b2
SHA1: b4499a5ee979f863d02be1e307652505b0a1b2f6
SHA256: 62189b25fc1d9278b2382de2478835111bb016004d383b2884dcf6ed19d17933
SHA512: 866eb4a28d522c756fb458a7557731204022d55c67f3ab03760152976a98c5c16a4f2261bb265bf4d6b1b68810e5f89e6040a4cf122742b782f597713fad6951
SSDEEP: 12288:ET+iZMeKlE1/vPZJ+tsfboAuzqvA+EXEf97Tr+54JIJoE5ScUYtOvFc/7VTIPjU4:siE1fT+a8sA+ds4JIKE5hR0FAF8jUDJ
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
- Vipkeylogger family
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext