General

  • Target

    22082024104920082024NuestrareferenciaNoCN20240080641.zip

  • Size

    671KB

  • Sample

    240822-n82dbawcja

  • MD5

    a6fda58fa4b3b00ba6894346449a0b25

  • SHA1

    1fbadf5ec386dba552371f25f0f048985a36653f

  • SHA256

    c9427440248fcb3a88a0ddf2fde8e4545c21402a9fec431660623738d76e5c3c

  • SHA512

    405070f43b642e982f47a22fe9ef8580f80ac0193a76c355cdbf9685ded43742a2c1cad6fcae7d38fe8d12a1ee8ccd63bbaa2edd3849792b2e51f049366363f4

  • SSDEEP

    12288:U44PKLopLbhtywmk2mWUDVOsVROeAa7WKN+7ZbC2kTvzW1gVDLpZ:Qxbrq7UBfOta6PbCFrUwDb

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      Nuestra referencia (No CN2024-008-0641).exe

    • Size

      1.1MB

    • MD5

      a4da0c3a81ce6e35b803754ebb4a42e9

    • SHA1

      0445852f6b80331ff996b4773c100ce3dd31057a

    • SHA256

      205430bd493e7aa04d357f3cba5ad5959c32e099d79e6087546251aac52219fe

    • SHA512

      9a300e262b0e5542498bda518efcc88257e790b741e31b6e70da239dd67181c25284e81308f14c9e9b008daa7f10a0d8393d0f46d7fabf2c04e0587aeaf2ce83

    • SSDEEP

      24576:zqDEvCTbMWu7rQYlBQcBiT6rprG8auGzCthIwX:zTvC/MTQYxsWR7auS+R

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks