General

  • Target

    Inv230924193849328483pdf.exe

  • Size

    1.2MB

  • Sample

    240925-awxbyaxcqh

  • MD5

    a07c66eab64e6c05ffa5721c758560e8

  • SHA1

    5126c45f7e7d260241b60534750a54e3e955d3d8

  • SHA256

    d4b8fbd59d002c8c6f147ace0ec43bed581b761b231ebc843b019827df2cc909

  • SHA512

    87842fc8b0ef8678c1b0dadbf2e2ac3cc6efc01540df15d89f693c59a975542e1489a963d33eb960f2edefbe1fd86a305a2f40a6748c3fc344d7f6850b17eec0

  • SSDEEP

    24576:pRmJkcoQricOIQxiZY1iaVFAKsd0PZCgN45wz+yuES2V:mJZoQrbTFZY1iaVmKsd4Z1ea+yW2V

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.lifechangerscare.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    b4ST8!7!uFT9POP

Extracted

Family

vipkeylogger

Targets

    • Target

      Inv230924193849328483pdf.exe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it closely resembles SnakeKeylogger, which was first seen in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
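
Sandbox signatures such as the two above are derived from the API and network trace of the run. As an added example (not the sandbox's own signature engine), the script below re-derives both over a constructed trace: "Looks up external IP address via web service" is a request to a known IP-echo service, and "Suspicious use of SetThreadContext" is the process-hollowing sequence, where a process is created suspended, written into, has its primary thread context changed with SetThreadContext, and is then resumed. The trace format, the pid/tid values, the notepad.exe target and the list of IP-echo hosts are all assumptions for illustration; the page does not say which host the sample queries or which process it hollows.

```python
"""Re-derive two sandbox behaviour signatures from an API trace.

Added example. The trace below is constructed; nothing in it is taken
from the report's actual run.
"""
from typing import Any, Dict, List
from urllib.parse import urlparse

# Legitimate IP-echo services commonly abused to learn the victim's public IP (assumed list).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "ifconfig.me",
    "icanhazip.com", "ip-api.com", "whatismyipaddress.com",
}
CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit
# Minimum ordered steps for process hollowing after a suspended CreateProcess.
HOLLOW_STEPS = ["WriteProcessMemory", "SetThreadContext", "ResumeThread"]

# Constructed trace: one dict per call, in order. Handle arguments are
# recorded as the pid/tid they refer to, as a sandbox would resolve them.
SAMPLE_TRACE: List[Dict[str, Any]] = [
    {"pid": 1200, "api": "CreateProcessW",
     "args": {"lpApplicationName": "C:\\Windows\\System32\\notepad.exe", "dwCreationFlags": 0x4},
     "ret": {"dwProcessId": 3344, "dwThreadId": 3345}},
    {"pid": 1200, "api": "NtUnmapViewOfSection", "args": {"hProcess_pid": 3344}},
    {"pid": 1200, "api": "VirtualAllocEx", "args": {"hProcess_pid": 3344, "flProtect": 0x40}},
    {"pid": 1200, "api": "WriteProcessMemory", "args": {"hProcess_pid": 3344, "nSize": 0x1000}},
    {"pid": 1200, "api": "SetThreadContext", "args": {"hThread_tid": 3345}},
    {"pid": 1200, "api": "ResumeThread", "args": {"hThread_tid": 3345}},
    {"pid": 3344, "api": "InternetOpenUrlW", "args": {"lpszUrl": "http://checkip.dyndns.org/"}},
    {"pid": 3344, "api": "connect", "args": {"host": "ftp.lifechangerscare.com", "port": 21}},
]


def _in_order(steps: List[str], required: List[str]) -> bool:
    """True when every required API occurs and their first occurrences are in order."""
    idx = [steps.index(a) for a in required if a in steps]
    return len(idx) == len(required) and idx == sorted(idx)


def sig_set_thread_context(trace: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Flag a parent that creates a child suspended, writes into it, changes
    the primary thread's context and resumes it (process hollowing)."""
    suspended: Dict[int, Dict[str, Any]] = {}  # child pid -> parent, primary tid, steps
    findings = []
    for call in trace:
        api, args, pid = call["api"], call["args"], call["pid"]
        if api.startswith("CreateProcess") and args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            ret = call["ret"]
            suspended[ret["dwProcessId"]] = {"parent": pid, "tid": ret["dwThreadId"], "steps": []}
            continue
        for child, info in suspended.items():
            if pid != info["parent"]:
                continue  # only the creator acting on its own suspended child counts
            if args.get("hProcess_pid") == child or args.get("hThread_tid") == info["tid"]:
                info["steps"].append(api)
                if api == "ResumeThread" and _in_order(info["steps"], HOLLOW_STEPS):
                    findings.append({"signature": "Suspicious use of SetThreadContext",
                                     "parent_pid": info["parent"], "child_pid": child,
                                     "steps": list(info["steps"])})
    return findings


def sig_ip_lookup(trace: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Flag any HTTP request or socket connect to a known IP-echo service."""
    findings = []
    for call in trace:
        args = call["args"]
        host = args.get("host")
        url = args.get("lpszUrl") or args.get("url")
        if url:
            host = urlparse(url).hostname
        if host and host.lower() in IP_LOOKUP_HOSTS:
            findings.append({"signature": "Looks up external IP address via web service",
                             "pid": call["pid"], "host": host.lower()})
    return findings


def run_signatures(trace: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Run every signature and return the combined findings."""
    return sig_set_thread_context(trace) + sig_ip_lookup(trace)


if __name__ == "__main__":
    for f in run_signatures(SAMPLE_TRACE):
        print(f)
```

The hollowing rule keys on the creating process acting on its own suspended child, so a debugger or a legitimate installer that calls SetThreadContext on an unrelated thread is not flagged; the IP-lookup rule matches on hostname only, so a sample that uses a raw IP for the echo service would need a separate address list.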

MITRE ATT&CK Enterprise v15

Tasks