General

  • Target

    4ffad08e9b831394159944b7c719bd9a80efcde000ebfa788de1a23f64007b91

  • Size

    1.2MB

  • Sample

    240925-1bsq5asajc

  • MD5

    34280e3a145d8d865efedf422b568e46

  • SHA1

    d5e2b2072a08a672d87446df36e513095945d151

  • SHA256

    4ffad08e9b831394159944b7c719bd9a80efcde000ebfa788de1a23f64007b91

  • SHA512

    20c33fc3b8ab2f6988bb8b149e625baad6d442b6e278ab0af1f4fe793272ccdf2803af503cf1e1e3ccd1da8503edfcf8d26745e685518d4b40023fb9c1dfa284

  • SSDEEP

    24576:pRmJkcoQricOIQxiZY1iaJ+QdSbdZwy1mynIMrNdUtl85Pf:mJZoQrbTFZY1iaJB0zDIME6

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Password: )NYyffR0

Extracted

Family

vipkeylogger

Targets

    • Target

      4ffad08e9b831394159944b7c719bd9a80efcde000ebfa788de1a23f64007b91

    • Size

      1.2MB

    • MD5

      34280e3a145d8d865efedf422b568e46

    • SHA1

      d5e2b2072a08a672d87446df36e513095945d151

    • SHA256

      4ffad08e9b831394159944b7c719bd9a80efcde000ebfa788de1a23f64007b91

    • SHA512

      20c33fc3b8ab2f6988bb8b149e625baad6d442b6e278ab0af1f4fe793272ccdf2803af503cf1e1e3ccd1da8503edfcf8d26745e685518d4b40023fb9c1dfa284

    • SSDEEP

      24576:pRmJkcoQricOIQxiZY1iaJ+QdSbdZwy1mynIMrNdUtl85Pf:mJZoQrbTFZY1iaJB0zDIME6

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it closely resembles SnakeKeylogger, which was first observed in 2020.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
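
The extracted SMTP configuration above (outbound mail submission to us2.smtp.mailhostbox.com on port 587) together with the behaviours in the signature list (startup-folder drop, external IP lookup) can be turned into a small hunting rule. The following is an added example, not code from the report or from the sandbox vendor: it parses constructed, hypothetical endpoint-telemetry lines (the log format, the host names, PIDs, file paths and the set of IP-lookup services are all assumptions; only the SHA256 and the SMTP host and port come from the report) and scores each process on the indicators it exhibits.

```python
import re
from collections import defaultdict

# Indicators taken directly from the report above.
SAMPLE_SHA256 = "4ffad08e9b831394159944b7c719bd9a80efcde000ebfa788de1a23f64007b91"
EXFIL_HOST = "us2.smtp.mailhostbox.com"
EXFIL_PORT = 587

# Assumption: the report does not name the IP-lookup service the sample used,
# so these are common ones a stealer might query, not taken from the sample.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ip-api.com", "icanhazip.com"}
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)

# Hypothetical telemetry format (constructed for this example):
#   <timestamp> <host> pid=<n> <event> key=value ...   (quoted values may contain spaces)
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+pid=(?P<pid>\d+)\s+(?P<event>\w+)\s*(?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

# Constructed sample log lines, not from the report. WS01 mirrors the sandbox
# behaviour; WS02 is a legitimate mail client; WS03 is an unknown binary with
# keylogger-like behaviour but no known hash or C2.
SAMPLE_LOGS = r"""
2024-09-25T01:10:02Z WS01 pid=4412 process_start image="C:\Users\u\Downloads\invoice.exe" sha256=4ffad08e9b831394159944b7c719bd9a80efcde000ebfa788de1a23f64007b91
2024-09-25T01:10:03Z WS01 pid=4412 file_write path="C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.vbs"
2024-09-25T01:10:04Z WS01 pid=4412 dns_query name=api.ipify.org
2024-09-25T01:10:05Z WS01 pid=4412 net_connect dst=us2.smtp.mailhostbox.com dport=587 proto=tcp
2024-09-25T01:12:00Z WS02 pid=900 process_start image="C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE" sha256=0000000000000000000000000000000000000000000000000000000000000000
2024-09-25T01:12:01Z WS02 pid=900 net_connect dst=smtp.office365.com dport=587 proto=tcp
2024-09-25T01:15:10Z WS03 pid=2200 file_write path="C:\Users\b\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.exe"
2024-09-25T01:15:11Z WS03 pid=2200 dns_query name=checkip.dyndns.org
2024-09-25T01:15:12Z WS03 pid=2200 net_connect dst=mail.example.net dport=587 proto=tcp
"""


def parse_line(line):
    """Parse one telemetry line into host/pid/event plus a dict of key=value fields."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = {k: (quoted or bare) for k, _, quoted, bare in KV_RE.findall(m.group("rest"))}
    return {"host": m["host"], "pid": int(m["pid"]), "event": m["event"], "fields": fields}


def indicators_for(ev):
    """Map one parsed event to the indicator names it satisfies."""
    f, hits = ev["fields"], []
    if ev["event"] == "process_start" and f.get("sha256", "").lower() == SAMPLE_SHA256:
        hits.append("known_sample_hash")
    if ev["event"] == "file_write" and STARTUP_DIR_RE.search(f.get("path", "")):
        hits.append("startup_folder_drop")
    if ev["event"] == "dns_query" and f.get("name", "").lower() in IP_LOOKUP_HOSTS:
        hits.append("external_ip_lookup")
    if ev["event"] == "net_connect" and f.get("dport") == str(EXFIL_PORT):
        if f.get("dst", "").lower() == EXFIL_HOST:
            hits.append("known_exfil_smtp_host")
        else:
            hits.append("outbound_smtp_submission")
    return hits


def analyze(log_text):
    """Aggregate indicators per (host, pid) and assign a verdict.

    A hard IOC match (sample hash or the extracted exfil SMTP host) is 'malicious';
    two or more behavioural indicators without a hard match is 'suspicious';
    a single outbound SMTP submission on its own (e.g. a mail client) is 'benign'.
    """
    per_proc = defaultdict(set)
    for line in log_text.splitlines():
        ev = parse_line(line.strip())
        if ev:
            per_proc[(ev["host"], ev["pid"])].update(indicators_for(ev))

    behavioural = {"startup_folder_drop", "external_ip_lookup", "outbound_smtp_submission"}
    results = {}
    for key, hits in per_proc.items():
        if "known_sample_hash" in hits or "known_exfil_smtp_host" in hits:
            verdict = "malicious"
        elif len(hits & behavioural) >= 2:
            verdict = "suspicious"
        else:
            verdict = "benign"
        results[key] = {"verdict": verdict, "indicators": sorted(hits)}
    return results


if __name__ == "__main__":
    for (host, pid), r in sorted(analyze(SAMPLE_LOGS).items()):
        print(f"{host} pid={pid}: {r['verdict']} {r['indicators']}")
```

The hard indicators (hash, exfil host) are short-lived, since the actor can recompile or switch mailbox; the behavioural combination (startup persistence plus IP lookup plus SMTP submission from a non-mail-client process) is what survives re-packing, so in practice the "suspicious" tier is the one worth tuning against your own fleet's baseline of processes that legitimately talk to port 587.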

MITRE ATT&CK Enterprise v15

Tasks