General

  • Target: 343820b1077ce4be3b114ba1c269c2a5786ddca5a1ab35ca65392bc20c91d3c5
  • Size: 883KB
  • Sample: 240924-h9rbvayhmh
  • MD5: 74ab3f3ccef897f4f43c6cf3184daca8
  • SHA1: 84d8bb450169a50e92e2817b4e967d268e5a08d6
  • SHA256: 343820b1077ce4be3b114ba1c269c2a5786ddca5a1ab35ca65392bc20c91d3c5
  • SHA512: 5a9bfa1fa5ed47652b099459ed166c060af86394e87973749571dc161e238a08e13844a55019e84909fadcefead1e2c13b8ee3f37c6312a530cc4bd320c291ba
  • SSDEEP: 24576:ssISWd9T/xuto01intfvhtMrB7Tm4EjntacEnybSzV:ssyd9Leo0Yd56LSt2nzV

Malware Config

Extracted

Credentials

  • Protocol: ftp
  • Host: ftp.lifechangerscare.com
  • Port: 21
  • Username: [email protected]
  • Password: b4ST8!7!uFT9POP

Extracted

Family

vipkeylogger

Targets

    • Target: Hesaphareketi-01,pdf.exe
    • Size: 1.2MB
    • MD5: 788799e671e3a59bc0776d760511992a
    • SHA1: 612ae251d122782aeb8f47479a650e8881cc6bc8
    • SHA256: fb8591420d16f45c6d4a6b2e5908aedb1836bb8437718a228926d80f3ed24551
    • SHA512: 55732156573ddf95344702fdf519a45a04f9b8160d377491035a91eec45df46ae37f33784560cb8fb4768898e3b36a9171926b912457d81746d0776396799a79
    • SSDEEP: 24576:pRmJkcoQricOIQxiZY1iaVzKSfvLt8vhBT+MEFn7acEP0bMCe:mJZoQrbTFZY1iaV2mj8xw7YBCe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks