General
Target: e3817372d710ab679df5848af6fff070.bin
Size: 648KB
Sample: 240901-cayc8ayanr
MD5: 56d77eaed8313b06f6f3dcca05465d6f
SHA1: f69175aed3df29cd59d15e6433f8703e03c6178e
SHA256: 3833749a6877ac2c7206d591d74715a5e919ad2af1a811b17ad2c7c07c574bae
SHA512: 38ef33e3ba16ba41bfb41f10d7cb45720944bf326d6e9b4c0e755dc14cc2bb2d6c3e2875f8cbc48323c777200652a0a6d1217a1f0c5ac5a41ebab4ec63373a31
SSDEEP: 12288:HiEnqIKQ72E35/nqt71R1srQ+zowQXUmK6KW2nwywD3z0tX6xJAumc55d:592E35/nqRv1spzYUmvKB8D3yyAxg5d
Static task: static1
Behavioral task: behavioral1
  Sample: INQUIRY.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: INQUIRY.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted: vipkeylogger
Protocol: smtp
Host: 195.54.163.133
Port: 587
Username: [email protected]
Password: 7213575aceACE@#$
Email To: [email protected]
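The extracted SMTP configuration is the most actionable part of this report, but sandbox exports flatten it so that each value runs into the next field name. The following is an added example, not part of the sandbox report or of the malware: it parses the configuration text (both the dash-joined raw form and a one-field-per-line form), then derives hunting indicators: the destination host:port, a Suricata rule for the hard-coded IP, and the caveats a practitioner needs. The Suricata rule wording and sid are my own choices, and the masked mailbox addresses are kept exactly as the page prints them rather than guessed.

```python
import ipaddress
import re

# The extracted configuration as it appears on the report page (copied; the
# extraction ran each value into the following field name). Both mailbox
# addresses are masked on the page itself.
RAW_CONFIG = """Protocol: smtp- Host:
195.54.163.133 - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@#$ - Email To:
[email protected]"""

MASKED = "[email protected]"

# Field names the sandbox emits for this family's SMTP exfiltration config.
FIELDS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")

# A field is introduced by an optional ' - ' separator, a known name and a
# colon. Splitting on the names rather than on '-' keeps a password that
# contains dashes or spaces in one piece.
KEY_RE = re.compile(
    r"\s*-?\s*\b(" + "|".join(re.escape(f) for f in FIELDS) + r"):\s*"
)


def parse_config(text: str) -> dict:
    """Parse the flattened (or one-field-per-line) config text into a dict."""
    parts = KEY_RE.split(text.strip())
    # re.split with one capture group gives [prefix, key1, val1, key2, val2, ...]
    if parts[0]:
        raise ValueError(f"unexpected text before first field: {parts[0]!r}")
    cfg = dict(zip(parts[1::2], (v.strip() for v in parts[2::2])))
    missing = [f for f in FIELDS if f not in cfg]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    cfg["Port"] = int(cfg["Port"])
    return cfg


def is_ip_literal(host: str) -> bool:
    """True when the configured host is an IPv4/IPv6 literal, not a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def indicators(cfg: dict) -> dict:
    """Turn the config into hunting indicators plus the caveats that go with them."""
    host, port = cfg["Host"], cfg["Port"]
    notes = []
    if cfg["Protocol"].lower() == "smtp" and is_ip_literal(host):
        # Mail clients submit to a hostname; a hard-coded IP on the submission
        # port is a clean pivot in flow, firewall and proxy logs.
        notes.append("SMTP submission to a literal IP address")
    if MASKED in (cfg["Username"], cfg["Email To"]):
        notes.append("mailbox addresses are masked on the report page; "
                     "recover them from the sample before blocklisting")
    rule = None
    if is_ip_literal(host):
        # Hypothetical local rule (sid in the local range); adjust to taste.
        rule = (f"alert tcp $HOME_NET any -> {host} {port} "
                f'(msg:"VIPKeylogger SMTP exfiltration to hard-coded host"; '
                f"flow:to_server,established; classtype:trojan-activity; "
                f"sid:9000001; rev:1;)")
    return {"dst": f"{host}:{port}", "host_is_ip": is_ip_literal(host),
            "suricata": rule, "notes": notes}


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    for name in FIELDS:
        print(f"{name:9} {cfg[name]}")
    ind = indicators(cfg)
    print(ind["suricata"])
    for note in ind["notes"]:
        print("note:", note)
```

The parser deliberately refuses to guess: missing fields raise rather than silently yielding a partial indicator set, and the masked addresses are surfaced as a caveat instead of being turned into a blocklist entry.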
Targets
Target: INQUIRY.exe
Size: 705KB
MD5: 08b45641b13ea906bfc7d47656c28573
SHA1: 1c8f1759aa3f18b47952cd660542a5a72f522f15
SHA256: 30507f7743a936de9f2e37f444a6fbfd7f5d684c9d22cd9354d1967e5333a89a
SHA512: 2f70ff6bfeb50231dd7d645b5f9b500f7fd84ed17e3d642896b36c7b985db37046520da04e2ac72704bf31289fedbf3ec8824cc6cbb88675ae888afd56f327b7
SSDEEP: 12288:+oW0xqd0fiXOond4GE9FT9rKDScUx7lWPMEyC/e+CMVkigU2kR:+olqdGiXOond1qxKpUB2MEyj+Ppgq
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was first seen in 2020.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, a web browser credential store.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup web service to find the infected system's external IP address.
-
Suspicious use of SetThreadContext
-
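The PowerShell signature above is the one behaviour in this list that leaves a good host-side trace: Defender exclusions are added with Add-MpPreference and protection is switched off with Set-MpPreference, both of which appear in PowerShell script-block logs (event 4104) and process command lines (event 4688). The following is an added example, not part of the sandbox report: detection logic run over constructed sample events. It inlines an -EncodedCommand payload before matching, flags exclusion and disable parameters, and rates extension- or process-wide exclusions, exclusions under user-writable paths, and outright disabling higher than a path exclusion an administrator might plausibly add. The sample lines, the severity scheme and the field names are my own; only the INQUIRY.exe name comes from the task above.

```python
import base64
import re
from typing import Optional

# Constructed sample events standing in for 4104 script-block text and 4688
# command lines. Not taken from the report; INQUIRY.exe is the task's sample name.
SAMPLE_EVENTS = [
    'Add-MpPreference -ExclusionPath "C:\\Users\\Public\\INQUIRY.exe"',
    "Add-MpPreference -ExclusionExtension '.exe' -ExclusionProcess 'INQUIRY.exe'",
    "Set-MpPreference -DisableRealtimeMonitoring $true",
    "Get-MpPreference | Select-Object -ExpandProperty ExclusionPath",
    'Add-MpPreference -ExclusionPath "C:\\Program Files\\Microsoft SQL Server\\DATA"',
    "powershell.exe -nop -w hidden -enc "
    + base64.b64encode(
        'Add-MpPreference -ExclusionPath "C:\\Users\\Public"'.encode("utf-16-le")
    ).decode("ascii"),
]

MPPREF_RE = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)
# One value, or a comma list of quoted values, following -ExclusionX.
VALUE = r"""("[^"]*"(?:\s*,\s*"[^"]*")*|'[^']*'(?:\s*,\s*'[^']*')*|\S+)"""
EXCLUSION_RE = re.compile(
    r"-Exclusion(Path|Extension|Process|IpAddress)\s+" + VALUE, re.IGNORECASE
)
DISABLE_RE = re.compile(r"-(Disable\w+)\s+(?:\$true|1)\b", re.IGNORECASE)
# -e / -ec / -enc / -encoded / -encodedcommand followed by a base64 blob.
ENCODED_RE = re.compile(
    r"-e(?:c|nc(?:oded(?:command)?)?)?\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE
)
USER_WRITABLE_RE = re.compile(
    r"\\(?:Users|ProgramData|Temp|AppData|Public)\\", re.IGNORECASE
)


def normalize(event: str) -> str:
    """Inline an -EncodedCommand payload so the rules below can see it."""
    m = ENCODED_RE.search(event)
    if not m:
        return event
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return event  # not a PowerShell-style UTF-16LE payload; leave as is
    return event[: m.start()] + " " + decoded


def split_values(raw: str) -> list:
    """Return the individual values of a quoted or comma-separated list."""
    return [dq or sq or bare
            for dq, sq, bare in re.findall(r"\"([^\"]*)\"|'([^']*)'|([^,\s]+)", raw)]


def analyze(event: str) -> Optional[dict]:
    """Classify one event; None means it is not Defender tampering."""
    text = normalize(event)
    if not MPPREF_RE.search(text):
        return None
    exclusions = [
        (kind.lower(), value)
        for kind, raw in EXCLUSION_RE.findall(text)
        for value in split_values(raw)
    ]
    disabled = DISABLE_RE.findall(text)
    if not exclusions and not disabled:
        return None  # e.g. Set-MpPreference -ScanScheduleDay: a setting, not tampering
    # Extension- or process-wide exclusions, exclusions under user-writable
    # paths, and switching protection off are the malware pattern; a path under
    # Program Files may be an administrator's change and gets triaged lower.
    high = bool(disabled) or any(
        kind in ("extension", "process") or USER_WRITABLE_RE.search(value)
        for kind, value in exclusions
    )
    return {
        "technique": "Impair Defenses: Disable or Modify Tools (T1562.001)",
        "severity": "high" if high else "medium",
        "exclusions": exclusions,
        "disabled": disabled,
        "decoded": text != event,
    }


def scan(events: list) -> list:
    """Run analyze() over a batch and keep the hits, in input order."""
    return [hit for hit in map(analyze, events) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit["severity"], hit["exclusions"] or hit["disabled"],
              "(decoded)" if hit["decoded"] else "")
```

The decode step matters for 4688 data, where the command line carries the base64 blob rather than the script text; 4104 already logs the decoded block, so the same rules apply to both sources without a second rule set.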
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores (count: 1)
  Credentials from Web Browsers (count: 1)
Unsecured Credentials (count: 2)
  Credentials In Files (count: 2)