General

  • Target

    DH BL DRAFT.exe

  • Size

    1.4MB

  • Sample

    240902-c1v1sazgkc

  • MD5

    60fd088bcea4994beaadbe959da90f43

  • SHA1

    2a9c256fbd84075370d25197c3ee977c516cc080

  • SHA256

    b55456f4dd8d7d2fe9c553a9728ab8e2b920abc1068ad4e3bbc5f3e70f4e91c6

  • SHA512

    f900036757705eaae511c6609e5251c6f3fe9f08a22d8e0a20fae3caf683df37728e8a9d47e839686a546707ae46fd146addd7311a447b52ed3d3b624e033f61

  • SSDEEP

    24576:2qDEvCTbMWu7rQYlBQcBiT6rprG8aCgS0xGADMPQBtri:2TvC/MTQYxsWR7aCsXO

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      DH BL DRAFT.exe

    • Size

      1.4MB

    • MD5

      60fd088bcea4994beaadbe959da90f43

    • SHA1

      2a9c256fbd84075370d25197c3ee977c516cc080

    • SHA256

      b55456f4dd8d7d2fe9c553a9728ab8e2b920abc1068ad4e3bbc5f3e70f4e91c6

    • SHA512

      f900036757705eaae511c6609e5251c6f3fe9f08a22d8e0a20fae3caf683df37728e8a9d47e839686a546707ae46fd146addd7311a447b52ed3d3b624e033f61

    • SSDEEP

      24576:2qDEvCTbMWu7rQYlBQcBiT6rprG8aCgS0xGADMPQBtri:2TvC/MTQYxsWR7aCsXO

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was first found in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks