General
-
Target
00d929fa445e4b08c8608d31ba99668147718dd31db6d2de3c153a983d05910a
-
Size
641KB
-
Sample
240925-ne8kjascrn
-
MD5
98a9b14f46b84fda5e5ea5d696f6e493
-
SHA1
1b0829012f848e771e560556f2fe8c85d78b5331
-
SHA256
00d929fa445e4b08c8608d31ba99668147718dd31db6d2de3c153a983d05910a
-
SHA512
b11ca0f4f9f40315794d7f5384b2a61ea084ba189dabf1e1fb0217446bdbfc6a1ec542b79104fff8c6cf540e294d1211f134714bd40fbc1fba513655af36008f
-
SSDEEP
12288:xndxU0dRMTwJI9WjrQzmqedzilf8Bj3gZ6ZTAIcQsifbrT7qEB1cPausr+p74:xndO0LIwQmqeEf8BL1Acv14srN
Static task
static1
Behavioral task
behavioral1
Sample
Tech Specifications.pdf.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
Tech Specifications.pdf.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
Protocol: ftp
Host: kashmirestore.com
Port: 21
Username: [email protected]
Password: c%P+6,(]YFvP
Extracted
vipkeylogger
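Added example, not part of the sandbox report: Python that turns the extracted FTP endpoint above into a detection over Zeek-style dns.log, conn.log and ftp.log JSON records. The log lines are constructed for this example and their addresses, uids and file names are invented; only the host, port and protocol come from the report. The recovered username and password identify live attacker infrastructure and are deliberately not used: the match is passive, on the resolved host and port (Zeek masks FTP passwords in ftp.log by default anyway), and nothing here authenticates to the server.

```python
import json
from ipaddress import ip_address

# Exfiltration endpoint exactly as the sandbox extracted it (see Malware Config above).
EXFIL_CONFIG = {"protocol": "ftp", "host": "kashmirestore.com", "port": 21}

# FTP commands that write data to the server; on a C2 session these are the exfiltration step.
UPLOAD_COMMANDS = {"STOR", "STOU", "APPE"}

# Constructed Zeek-style JSON records standing in for dns.log, conn.log and
# ftp.log. Addresses, uids and file names are invented for this example.
SAMPLE_DNS_LOG = [
    '{"ts": 1727260000.1, "uid": "CdnsA1", "id.orig_h": "10.0.0.5", "query": "kashmirestore.com", "answers": ["203.0.113.10"]}',
    '{"ts": 1727260001.0, "uid": "CdnsB2", "id.orig_h": "10.0.0.5", "query": "files.example.net", "answers": ["files.example.net.cdn.example", "198.51.100.7"]}',
]
SAMPLE_CONN_LOG = [
    '{"ts": 1727260002.0, "uid": "CconnA1", "id.orig_h": "10.0.0.5", "id.resp_h": "203.0.113.10", "id.resp_p": 21, "proto": "tcp", "service": "ftp", "orig_bytes": 18432, "resp_bytes": 912}',
    '{"ts": 1727260003.0, "uid": "CconnB2", "id.orig_h": "10.0.0.5", "id.resp_h": "198.51.100.7", "id.resp_p": 21, "proto": "tcp", "service": "ftp", "orig_bytes": 640, "resp_bytes": 52000}',
    '{"ts": 1727260004.0, "uid": "CconnC3", "id.orig_h": "10.0.0.5", "id.resp_h": "203.0.113.10", "id.resp_p": 443, "proto": "tcp", "service": "ssl", "orig_bytes": 2048, "resp_bytes": 65536}',
]
SAMPLE_FTP_LOG = [
    '{"ts": 1727260002.5, "uid": "CconnA1", "id.orig_h": "10.0.0.5", "id.resp_h": "203.0.113.10", "id.resp_p": 21, "command": "STOR", "arg": "ftp://203.0.113.10/DESKTOP-1A2B3C_Passwords.txt", "reply_code": 226}',
    '{"ts": 1727260003.5, "uid": "CconnB2", "id.orig_h": "10.0.0.5", "id.resp_h": "198.51.100.7", "id.resp_p": 21, "command": "RETR", "arg": "ftp://198.51.100.7/pub/readme.txt", "reply_code": 226}',
]


def resolve_from_dns_log(dns_lines, hostname):
    """Return the set of addresses that monitored hosts resolved `hostname` to.

    CNAME answers are names, not addresses, and are skipped; matching is
    case-insensitive and tolerates a trailing dot."""
    wanted = hostname.lower().rstrip(".")
    ips = set()
    for line in dns_lines:
        rec = json.loads(line)
        if rec.get("query", "").lower().rstrip(".") != wanted:
            continue
        for answer in rec.get("answers", []):
            try:
                ip_address(answer)
            except ValueError:
                continue
            ips.add(answer)
    return ips


def find_exfil_sessions(dns_lines, conn_lines, ftp_lines, config=EXFIL_CONFIG):
    """Return findings keyed by Zeek uid for connections to the extracted FTP
    endpoint, with any upload command seen on the same session appended.

    Matching is on resolved host plus port, so the same host contacted on
    another port (the 443 record in the sample) is not flagged here."""
    c2_ips = resolve_from_dns_log(dns_lines, config["host"])
    findings = {}
    for line in conn_lines:
        rec = json.loads(line)
        if rec.get("id.resp_h") in c2_ips and rec.get("id.resp_p") == config["port"]:
            findings[rec["uid"]] = {
                "src": rec["id.orig_h"],
                "dst": f'{rec["id.resp_h"]}:{rec["id.resp_p"]}',
                "bytes_out": rec.get("orig_bytes", 0),
                "reasons": [f'{config["protocol"]} connection to extracted host {config["host"]}'],
            }
    for line in ftp_lines:
        rec = json.loads(line)
        if rec.get("uid") in findings and rec.get("command") in UPLOAD_COMMANDS:
            findings[rec["uid"]]["reasons"].append(f'{rec["command"]} {rec.get("arg", "")}')
    return findings


if __name__ == "__main__":
    for uid, hit in find_exfil_sessions(SAMPLE_DNS_LOG, SAMPLE_CONN_LOG, SAMPLE_FTP_LOG).items():
        print(uid, hit["src"], "->", hit["dst"], f'{hit["bytes_out"]} bytes out')
        for reason in hit["reasons"]:
            print("   ", reason)
```

Run as a script it prints the one flagged session; with real Zeek JSON lines, a STOR/STOU/APPE on a flagged session is the point at which the keylogger's collected data left the host, which is what the incident timeline needs.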
Targets
-
Target
Tech Specifications.pdf.exe
-
Size
691KB
-
MD5
5208e8e74ee62d2ea607d8f7d301ea49
-
SHA1
2990e3d75e1980fa3ac2984a53be2883b19c7e4f
-
SHA256
3452d7e5972e00e7ec6a2d4e99ab27d45598412280e9a81010a4e8df2f6783aa
-
SHA512
f69a4473a48e07bc6562d4ca07d69aca449bfdd9ede79297d652188ce35aa9d08e29c2e9a7ba418d7b791d4a824b1cd9cac40b984fbb1bfe435d61221150f976
-
SSDEEP
12288:PatccGrDGxUvKj+jNYzqYelziLH85jRgfOHT0EcQwWf/rTVW+xSl+Ae/8bQb:wGlKOKqYeyH8Hpz0EhWRlYgI
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
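Added example, not the sandbox's own detection logic: Python that scans PowerShell Script Block Logging text (the ScriptBlockText field of Microsoft-Windows-PowerShell/Operational event 4104) for the Defender exclusion tampering described above. The script blocks are constructed for this example and the paths and process names in them are invented. It resolves abbreviated parameter names the way PowerShell does, so an abbreviated -ExclusionPa is caught as well as the full -ExclusionPath, and it ignores Get-MpPreference reads and Set-MpPreference calls that touch no exclusion parameter.

```python
import re

# Defender exclusion parameters shared by Add-/Set-/Remove-MpPreference.
EXCLUSION_PARAMS = ("ExclusionPath", "ExclusionExtension",
                    "ExclusionProcess", "ExclusionIpAddress")

# Cmdlets that add or replace preferences; Get-MpPreference only reads them.
MP_CMDLET_RE = re.compile(r"\b(add|set)-MpPreference\b", re.IGNORECASE)

# One "-Name value[, value ...]" group, ending at the next "-Param" token or at
# the end of the statement. Caveat: a quoted value containing " -x" would be
# cut short; a full PowerShell tokenizer would be needed for that case.
PARAM_RE = re.compile(r"-(?P<name>[A-Za-z]+)(?P<value>.*?)(?=\s-[A-Za-z]|$)", re.DOTALL)

# Constructed ScriptBlockText values as logged by event 4104. Paths and
# process names are invented and do not come from the report above.
SAMPLE_SCRIPT_BLOCKS = [
    r'Add-MpPreference -ExclusionExtension ".exe", ".pdf.exe" -ExclusionPath "C:\Users\Public", $env:APPDATA -ExclusionProcess "updater.exe"',
    r'''powershell -w hidden -c "add-mppreference -ExclusionPa 'C:\Users\victim\AppData\Roaming'"''',
    r'Get-MpPreference | Select-Object ExclusionPath, ExclusionExtension',
    r'Set-MpPreference -ScanScheduleDay 1; Update-MpSignature',
]


def resolve_param(name):
    """Resolve a parameter name as PowerShell does: exact match first, otherwise
    the single parameter it is an unambiguous prefix of, else None. PowerShell
    rejects ambiguous prefixes such as -ExclusionP, so None is also correct there.
    Only the exclusion parameters are tracked; every other name resolves to None."""
    low = name.lower()
    for param in EXCLUSION_PARAMS:
        if param.lower() == low:
            return param
    matches = [p for p in EXCLUSION_PARAMS if p.lower().startswith(low)]
    return matches[0] if len(matches) == 1 else None


def parse_values(raw):
    """Split a parameter value into its list elements, accepting 'a', "b",
    bare tokens, $variables and the @(...) array syntax."""
    raw = raw.strip()
    if raw.startswith("@(") and raw.endswith(")"):
        raw = raw[2:-1]
    values = []
    for part in raw.split(","):
        part = part.strip().strip("\"'")
        if part:
            values.append(part)
    return values


def scan_script_blocks(blocks):
    """Return one finding per statement that adds or sets a Defender exclusion:
    {"index": block index, "cmdlet": canonical name, "exclusions": {param: [values]}}."""
    findings = []
    for index, text in enumerate(blocks):
        for stmt in re.split(r"[;\n|]", text):
            m = MP_CMDLET_RE.search(stmt)
            if not m:
                continue
            exclusions = {}
            for pm in PARAM_RE.finditer(stmt[m.end():]):
                canonical = resolve_param(pm.group("name"))
                if canonical is None:
                    continue  # not an exclusion parameter, or an ambiguous prefix
                exclusions.setdefault(canonical, []).extend(parse_values(pm.group("value")))
            if exclusions:
                findings.append({"index": index,
                                 "cmdlet": f"{m.group(1).capitalize()}-MpPreference",
                                 "exclusions": exclusions})
    return findings


if __name__ == "__main__":
    for hit in scan_script_blocks(SAMPLE_SCRIPT_BLOCKS):
        print(f'block {hit["index"]}: {hit["cmdlet"]}')
        for param, values in hit["exclusions"].items():
            print(f"    -{param}: {values}")
```

Event 4104 only exists if Script Block Logging is enabled (the EnableScriptBlockLogging policy under HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging); without it, the same cmdlets are still visible, less reliably, in process command lines, since this family passes them to powershell.exe directly.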
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter (1)
    PowerShell (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (2)
    Credentials In Files (2)