General
-
Target
654069cec8d7cae811d77aff890bc5ce03c7c352290ccd6f6f18196fe04e0e53.exe
-
Size
866KB
-
Sample
240926-b5fafszdll
-
MD5
433fda0ddceae6820f653ff3318e6278
-
SHA1
6735afd7485703ea42db10b3154f1498cc39b1bd
-
SHA256
654069cec8d7cae811d77aff890bc5ce03c7c352290ccd6f6f18196fe04e0e53
-
SHA512
e4df64709ea1030b6672f6eb5fac273e17c31fa8e767bf62a83ac84a4bde12f3f7549cdbd85c60f54579d986c7ce520c4aebe4c0ba141f1beeeaa6883c0a19bd
-
SSDEEP
24576:Os4xlaVmok7zerjTiGoMOCUhdS2aNlwrjOlGgVi:Os4xlakTnefTijMg3UlwrKc
Static task
static1
Behavioral task
behavioral1
Sample
654069cec8d7cae811d77aff890bc5ce03c7c352290ccd6f6f18196fe04e0e53.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
654069cec8d7cae811d77aff890bc5ce03c7c352290ccd6f6f18196fe04e0e53.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.renatoazenha.com - Port:
587 - Username:
[email protected] - Password:
^aKbevY7mhfP - Email To:
[email protected]
Targets
-
-
Target
654069cec8d7cae811d77aff890bc5ce03c7c352290ccd6f6f18196fe04e0e53.exe
-
Size
866KB
-
MD5
433fda0ddceae6820f653ff3318e6278
-
SHA1
6735afd7485703ea42db10b3154f1498cc39b1bd
-
SHA256
654069cec8d7cae811d77aff890bc5ce03c7c352290ccd6f6f18196fe04e0e53
-
SHA512
e4df64709ea1030b6672f6eb5fac273e17c31fa8e767bf62a83ac84a4bde12f3f7549cdbd85c60f54579d986c7ce520c4aebe4c0ba141f1beeeaa6883c0a19bd
-
SSDEEP
24576:Os4xlaVmok7zerjTiGoMOCUhdS2aNlwrjOlGgVi:Os4xlakTnefTijMg3UlwrKc
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2