General

  • Target

    cb2ef6af937cda03dc985358f37e52a71e6f7fc62ca444bbdd9745991557a44d.exe

  • Size

    1.3MB

  • Sample

    240926-cxhahsvfkf

  • MD5

    b88e14278935b0ec0902504c544a87af

  • SHA1

    6c181b0dfc3e496a84c1cfbe48610178dbfd776b

  • SHA256

    cb2ef6af937cda03dc985358f37e52a71e6f7fc62ca444bbdd9745991557a44d

  • SHA512

    15291da5040c56332b2cc7e38f050e30938160746604b5361266b8fcf8e59b2be0a1e5f58ff6ecbb94e90d07cee5f49f55fac936895f64114c6a417c1df5fc74

  • SSDEEP

    24576:pRmJkcoQricOIQxiZY1iaJVL7MiETZe0jmhB4pwkYhjF:mJZoQrbTFZY1iaJVEjdbqgOhjF

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    D4v_8+edvC?l. .

Extracted

Family

vipkeylogger

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was first seen in 2020.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15