General

  • Target:
    35c85d14d32575890c8ed8b5514a2b559778e932abbca0f47c54f0ffac1528e1.uue
  • Size:
    869KB
  • Sample:
    240926-bs8fgayfpl
  • MD5:
    4e3f1140aa864113a3094f913b80c5bd
  • SHA1:
    8d0a8375a041293daea952a4ff9d8d6a22701a1c
  • SHA256:
    35c85d14d32575890c8ed8b5514a2b559778e932abbca0f47c54f0ffac1528e1
  • SHA512:
    99c9a9c02f4a65319ebf29cd8da84ac146bb4b8e99d290e0dbffe7da23653dbfe1648e5a91becc84cc9650d73d968a0d4aa23a4d1e6de1c3d380580b059716a1
  • SSDEEP:
    24576:w2Z/8wBZQqN6Xc2RD6th6KNdiCpkuPS76ERSJ:w298EZQa2UddiF76EoJ

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.osconsupplies.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Fin#OSCn@2k2

Extracted

Family

vipkeylogger

Targets

    • Target:
      doc17000320240923070456.exe
    • Size:
      1.2MB
    • MD5:
      672e1968d4e6f0e763497659b0a20c4a
    • SHA1:
      857a01cbf3e530bbff46d7edf0fdad047463f097
    • SHA256:
      9d49009863fc15ea98c88541cc2038b71f28a4510d1ec4dab2ab9a137bf002cf
    • SHA512:
      07680c9ca4c33d18d0811fc03df0dbf01eba2dcbb7f2370fc58108eedf6aacfbae1497ea9c38d87301ef47a22e76121f983a10a78a74c5f280f7f2c4c2399a65
    • SSDEEP:
      24576:uRmJkcoQricOIQxiZY1iaCktaC+FyzRngMPYJopIHzJDPxV:7JZoQrbTFZY1iaCktaizRnpgOIH1PxV

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks