General
Target: 626164ebdea260921ec4dcaf4f3396f53b4722aaf19a7d4dac2e943c671045a2
Size: 692KB
Sample: 250701-e8cwaasks2
MD5: d74571795bac5c7b6bd1e10545a8439e
SHA1: 2ab73edcda8d651c8d8f832b4e7ec2040c1db13c
SHA256: 626164ebdea260921ec4dcaf4f3396f53b4722aaf19a7d4dac2e943c671045a2
SHA512: 9fae3df0b4c93952a0beac27d9f9d5f91d83e6c6d63845a4808e1edf14f2b33146064e8a3100ab06c2cfc2ddfe1522fa35c189b50df9806d4f706b38ee6837ce
SSDEEP: 12288:qMCvVVK8F/lE1fvr1J4tsVboSuzavk9ysBnC3JLlOUYxOJFc/qbfMiw:5CvfXE17v4aKcZgC3xk9EFAqo
Static task: static1
Behavioral task: behavioral1
Sample: Terms and Conditions.exe
Resource: win10v2004-20250619-en
Behavioral task: behavioral2
Sample: Terms and Conditions.exe
Resource: win11-20250619-en
Malware Config
Extracted
Protocol: smtp
Host: mail.aktagor-prom.by
Port: 587
Username: [email protected]
Password: RC84pv9H2*F
Extracted
vipkeylogger
Protocol: smtp
Host: mail.aktagor-prom.by
Port: 587
Username: [email protected]
Password: RC84pv9H2*F
Email To: [email protected]
Targets
Target: Terms and Conditions.exe
Size: 763KB
MD5: 668d73ce07fae36076859ecfb9ee11b2
SHA1: b4499a5ee979f863d02be1e307652505b0a1b2f6
SHA256: 62189b25fc1d9278b2382de2478835111bb016004d383b2884dcf6ed19d17933
SHA512: 866eb4a28d522c756fb458a7557731204022d55c67f3ab03760152976a98c5c16a4f2261bb265bf4d6b1b68810e5f89e6040a4cf122742b782f597713fad6951
SSDEEP: 12288:ET+iZMeKlE1/vPZJ+tsfboAuzqvA+EXEf97Tr+54JIJoE5ScUYtOvFc/7VTIPjU4:siE1fT+a8sA+ds4JIKE5hR0FAF8jUDJ

VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.

Vipkeylogger family

Accesses Microsoft Outlook profiles

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext