General

  • Target

    SWIFTCOPY.exe

  • Size

    1.2MB

  • Sample

    240925-ba332aybma

  • MD5

    d138e7f7d5e29f416b7b04e4f7567d11

  • SHA1

    4ed5d9329f6d190936ba3065b75bd90c7f83d04b

  • SHA256

    b265a1d4698c08fe197c6cfed56a7a23adae05fdd25a4917ff5354e537f698d9

  • SHA512

    9aca54e79a967ed2d22bcc92d759e934aa39c407bd3d2d42795d285aaa52030205215965bb56f639f18bbaaaf4a9e4247834f935600d2455830f74b19c1d7afc

  • SSDEEP

    24576:pRmJkcoQricOIQxiZY1iaXSnI7XSMXGGXb3jZFR:mJZoQrbTFZY1iaXS4rGozjZFR

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    )NYyffR0

Extracted

Family

vipkeylogger

Targets

    • Target

      SWIFTCOPY.exe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks