Resubmissions

08/08/2024, 09:58

240808-lzg7zasbqn 10

07/08/2024, 11:47

240807-nx26ga1gqa 9

General

  • Target

    C0R98180T99809668.eml

  • Size

    153KB

  • Sample

    240808-lzg7zasbqn

  • MD5

    4dd43cd28cf4f2be9901f499fdfbc187

  • SHA1

    920208a90ae33b009687886609f00085be4f5ca1

  • SHA256

    490c6a7ecbe059cdf50cd5a218cb15f841e8064f529cbedd33592db4386efd89

  • SHA512

    3c4e74067412261732f6f5bb72cc14ce6ce2e86b0f3dadd3ae594dc2e6e32a84c3af6797fbf33113a8db5ac10097dd28865243302e39555e45aee35f44f5c5ec

  • SSDEEP

    3072:xeusf2cv/hor9Bgt9u2a5ol9nY+42m52GbVF97H6k2/P:Ri2cv/h0Bgt95vHnYlAGbVkP

Malware Config

Targets

    • Target

      FedEx AWB 000263577955.exe

    • Size

      270KB

    • MD5

      cfc120bf407819279cf397b82349f981

    • SHA1

      02a48aa73c673adb1e0f7853a2134621915c20da

    • SHA256

      b8d723a1c3a3fd42eebbf246571cf7704bc34001cf1a7599b0e2838957537140

    • SHA512

      c8910a24f0ea386847824994537a8216238abac73ec242a2588d3f93a45681e86626781afa203799d7769b3d791273cca6242267d23510833f6c1a32f2246f72

    • SSDEEP

      3072:lRaT7BpxrdPlRH/Pc3ctX9eymsjK5aBlTpHOKpSUYmyG5EMbfPG4s0PUYTVg4i4g:8e3slTsUVyGlbnGGzb

    • Detects VIPKeylogger Payload

      Detects VIPKeylogger a variant of Snakekeylogger.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks