General

  • Target

    Hesaphareketi01pdf.exe

  • Size

    1.2MB

  • Sample

    240924-ljb11szakp

  • MD5

    788799e671e3a59bc0776d760511992a

  • SHA1

    612ae251d122782aeb8f47479a650e8881cc6bc8

  • SHA256

    fb8591420d16f45c6d4a6b2e5908aedb1836bb8437718a228926d80f3ed24551

  • SHA512

    55732156573ddf95344702fdf519a45a04f9b8160d377491035a91eec45df46ae37f33784560cb8fb4768898e3b36a9171926b912457d81746d0776396799a79

  • SSDEEP

    24576:pRmJkcoQricOIQxiZY1iaVzKSfvLt8vhBT+MEFn7acEP0bMCe:mJZoQrbTFZY1iaV2mj8xw7YBCe

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.lifechangerscare.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    b4ST8!7!uFT9POP

Extracted

Family

vipkeylogger

Targets

    • Target

      Hesaphareketi01pdf.exe

    • VIPKeylogger

      VIPKeylogger is a keylogger and information stealer written in C#; it closely resembles Snake Keylogger, a family first observed in 2020.

    • Accesses Microsoft Outlook profiles

      Reads the Outlook profile settings stored in the registry, where saved mail account credentials can be harvested; this is part of the family's infostealer behaviour.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP, typically to include it in the victim report sent to the operator. Benign software produces the same traffic, so treat this as a weak indicator to correlate with the FTP exfiltration configuration above rather than alert on alone.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is characteristic of process hollowing and related injection techniques: the payload is mapped into a freshly created, legitimate-looking process and the thread's entry point is redirected before it is resumed.
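
The script below is an added example, not part of the sandbox report or of the malware family's own code. It turns the extracted FTP configuration and the IP-lookup behaviour into detection logic run over constructed log lines. The key=value log format, the list of IP-lookup hosts, the verdict thresholds and the source addresses are all assumptions; the C2 host, port, password and SHA256 are copied from the report. The FTP username is shown redacted on the page, so the rule keys on the hardcoded password instead.

```python
"""Detection helpers built from the IOCs in the VIPKeylogger sandbox report above.

Added example: the log format and hostnames below are constructed, not taken from
the report. Only the C2 host, port, password and sample SHA256 are from the page.
"""
import hashlib
import re
from collections import defaultdict

# --- IOCs copied from the report -------------------------------------------
SAMPLE_SHA256 = "fb8591420d16f45c6d4a6b2e5908aedb1836bb8437718a228926d80f3ed24551"
C2_FTP_HOST = "ftp.lifechangerscare.com"
C2_FTP_PORT = 21
C2_FTP_PASS = "b4ST8!7!uFT9POP"  # username is redacted on the page; key on the password

# Assumption: the report only says "a legitimate IP lookup service". This list of
# commonly abused lookup hosts is ours, not the report's.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ip-api.com"}

# Constructed log lines in a made-up key=value format (not from the report).
SAMPLE_LOG = '''\
ts=2024-09-24T10:14:58Z src=10.0.0.12 dst=203.0.113.20 dport=80 proto=http host=checkip.dyndns.org msg="GET /"
ts=2024-09-24T10:15:01Z src=10.0.0.12 proto=dns msg="query A ftp.lifechangerscare.com"
ts=2024-09-24T10:15:02Z src=10.0.0.12 dst=203.0.113.10 dport=21 proto=ftp msg="PASS b4ST8!7!uFT9POP"
ts=2024-09-24T10:15:03Z src=10.0.0.12 dst=203.0.113.10 dport=21 proto=ftp msg="STOR keylog_10.0.0.12.txt"
ts=2024-09-24T10:16:00Z src=10.0.0.44 dst=203.0.113.30 dport=80 proto=http host=api.ipify.org msg="GET /?format=json"
ts=2024-09-24T10:16:05Z src=10.0.0.44 dst=203.0.113.40 dport=443 proto=http host=www.example.com msg="GET /"
'''

KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_line(line: str) -> dict:
    """Parse one key=value line; quoted values may contain spaces."""
    return {m.group(1): (m.group(3) if m.group(3) is not None else m.group(2))
            for m in KV_RE.finditer(line)}


def classify(rec: dict) -> list:
    """Return the names of every rule a parsed record triggers."""
    hits = []
    msg = rec.get("msg", "")
    # Family-specific IOCs from the extracted config: strong on their own.
    if rec.get("proto") == "dns" and C2_FTP_HOST in msg:
        hits.append("c2_dns_lookup")
    if rec.get("proto") == "ftp" and rec.get("dport") == str(C2_FTP_PORT):
        if msg == f"PASS {C2_FTP_PASS}":
            hits.append("c2_ftp_password")
        elif msg.startswith("STOR "):
            hits.append("ftp_upload")  # generic: any FTP upload
    # Generic behaviour from the report: weak on its own, useful for correlation.
    if rec.get("proto") == "http" and rec.get("host") in IP_LOOKUP_HOSTS:
        hits.append("external_ip_lookup")
    return hits


def scan(log_text: str) -> dict:
    """Map each source address to the set of rules it triggered."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        for rule in classify(rec):
            findings[rec.get("src", "?")].add(rule)
    return dict(findings)


STRONG = {"c2_dns_lookup", "c2_ftp_password"}


def verdict(rules: set) -> str:
    """Combine rule hits per host; thresholds are an assumption for illustration."""
    if rules & STRONG:
        return "infected"      # config-derived IOC: act on it
    if "external_ip_lookup" in rules and "ftp_upload" in rules:
        return "suspicious"    # the two generic behaviours together match the sandbox profile
    return "benign"            # an IP lookup alone is common legitimate traffic


def matches_sample(data: bytes) -> bool:
    """True if the bytes are the analysed sample (compare against the report's SHA256)."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


if __name__ == "__main__":
    for src, rules in scan(SAMPLE_LOG).items():
        print(f"{src}: {verdict(rules)} {sorted(rules)}")
```

The point of the two tiers is that the extracted configuration gives you indicators specific to this sample (the C2 hostname and the hardcoded FTP password, which the operator reuses across every victim until the build is rotated), while the IP-lookup behaviour is only worth alerting on in combination with an upload to the same destination.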

MITRE ATT&CK Enterprise v15

Tasks