General
Target: 07daf4cb7c5be4fdfae01ec1d1b8b875a0acd0f9c04326585dc64afe31811260.z
Size: 648KB
Sample: 240831-bd6y4axaln
MD5: e3817372d710ab679df5848af6fff070
SHA1: 5a05cb02d7ea7a32a6c29ad76793ee880596dd8d
SHA256: 07daf4cb7c5be4fdfae01ec1d1b8b875a0acd0f9c04326585dc64afe31811260
SHA512: c26729e006e7f50c7d234a81be39f6ba50a2eb3a761a452768e26505aa17826798272d3cbdbbbae7645006dc6eb90510c403b95cf0cfe2fc4bcd1a78b9425a4b
SSDEEP: 12288:4WDs71+zoDieJQSW9iXaCG809Rg8xItmQ2/tYewu0QDOvwdgDbLHrsHN4JNIFbH3:4WI+zoOsW32eVIVu0QDO4d0bva4LOHXn
Static task: static1
Behavioral task: behavioral1
  Sample: INQUIRY.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: INQUIRY.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted: vipkeylogger
Protocol: smtp
Host: 195.54.163.133
Port: 587
Username: [email protected]
Password: 7213575aceACE@#$
Email To: [email protected]
Targets
Target: INQUIRY.exe
Size: 705KB
MD5: 08b45641b13ea906bfc7d47656c28573
SHA1: 1c8f1759aa3f18b47952cd660542a5a72f522f15
SHA256: 30507f7743a936de9f2e37f444a6fbfd7f5d684c9d22cd9354d1967e5333a89a
SHA512: 2f70ff6bfeb50231dd7d645b5f9b500f7fd84ed17e3d642896b36c7b985db37046520da04e2ac72704bf31289fedbf3ec8824cc6cbb88675ae888afd56f327b7
SSDEEP: 12288:+oW0xqd0fiXOond4GE9FT9rKDScUx7lWPMEyC/e+CMVkigU2kR:+olqdGiXOond1qxKpUB2MEyj+Ppgq
Signatures
VIPKeylogger: VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.
Credentials from Password Stores: Credentials from Web Browsers: Malicious access to, or copying of, a web browser credential store.
Command and Scripting Interpreter: PowerShell: Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP address.
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
Credentials from Web Browsers (1)
Unsecured Credentials (1)
Credentials In Files (2)
2