General

  • Target

    267a4c8396962968921fd896ce7b783d846a6c85bf3654a714c674d05ed8f1b3.exe

  • Size

    1.1MB

  • Sample

    240822-bltzha1arb

  • MD5

    0f78d5b9dd1e6f3c8728ac124313936c

  • SHA1

    43a8a50b2e3f4d3acc42858f51a2e790837c3c94

  • SHA256

    267a4c8396962968921fd896ce7b783d846a6c85bf3654a714c674d05ed8f1b3

  • SHA512

    b7ac807621fa5ed512d4f1b01aadb3789cde4fe20ddc7beb75d5202d147e982d780275118c41a8229f77fe486272374978e11f9e6c1a9e610c39b83df096ebaa

  • SSDEEP

    24576:ZqDEvCTbMWu7rQYlBQcBiT6rprG8a5M2AM7ND6XCIrX:ZTvC/MTQYxsWR7a5KNr

Malware Config

Extracted

Family

vipkeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    mail.tahaqoq.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    T@ha5241+*

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks