General

  • Target

    5a20cda7ba803803fff6f58ffa694f2f2cedf6eebf1cb97fb87570f219018f13.exe

  • Size

    1.2MB

  • Sample

    240828-sgnqcsshlg

  • MD5

    2bb48ec5bbd40bea3425ea962ce1f7dd

  • SHA1

    9358995c3e5710879f5636977fa06733cfda8dc1

  • SHA256

    5a20cda7ba803803fff6f58ffa694f2f2cedf6eebf1cb97fb87570f219018f13

  • SHA512

    248aa52f7be43fb735e92a77836fb004af641a023726306c969f6856bfe49109370bfd99c2e0a683a3d8061c8cfab7ffa3f261c1e42f32246d9cf44c0eaad77c

  • SSDEEP

    24576:aqDEvCTbMWu7rQYlBQcBiT6rprG8aLDPCPZORBnaS3s7r1:aTvC/MTQYxsWR7aLD6hy134r

Malware Config

Extracted

Credentials

  • Protocol: smtp
  • Host: mail.humatextiles.com
  • Port: 587
  • Username: [email protected]
  • Password: humatex786

Extracted

Family

vipkeylogger

Targets

    • Target

      5a20cda7ba803803fff6f58ffa694f2f2cedf6eebf1cb97fb87570f219018f13.exe

    • Size

      1.2MB

    • MD5

      2bb48ec5bbd40bea3425ea962ce1f7dd

    • SHA1

      9358995c3e5710879f5636977fa06733cfda8dc1

    • SHA256

      5a20cda7ba803803fff6f58ffa694f2f2cedf6eebf1cb97fb87570f219018f13

    • SHA512

      248aa52f7be43fb735e92a77836fb004af641a023726306c969f6856bfe49109370bfd99c2e0a683a3d8061c8cfab7ffa3f261c1e42f32246d9cf44c0eaad77c

    • SSDEEP

      24576:aqDEvCTbMWu7rQYlBQcBiT6rprG8aLDPCPZORBnaS3s7r1:aTvC/MTQYxsWR7aLD6hy134r

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks