General

  • Target

    28092024081727092024SolicitarSCOTIZACIONparaGP123874ARTICULOSxlsx.7z

  • Size

    819KB

  • Sample

    240928-p9qhwazcqb

  • MD5

    f46b58da4e641bad19c3bc2711e4fc66

  • SHA1

    fa6a9d100fc67b3e6d1637d7463c2a587e85dc45

  • SHA256

    5df8e7dff20e52cf94c6163a07e4cdbaf965701a061514f00ec3ddc65e505159

  • SHA512

    1397a4e2534ed3fc37a7280cf354172fc088ac8862ab525a8959b610fe5be19c75fe17487a65d5893ad619122e437e3a33f2274533ae28362c9274bd4af2f282

  • SSDEEP

    24576:PQw3n9Bjh7T5KkeYA6MWdX71tR2ie53IhhrsGkFM:Pz3n9BXKk3X33R2j5sh82

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      SolicitarS COTIZACION para GP123874_ARTICULOS_xlsx.exe

    • Size

      1.1MB

    • MD5

      38da0124c1bd20393e168d2206dd9a8f

    • SHA1

      64f0696ad4d2de9700b3c628df48d8a7da034e72

    • SHA256

      9fc9962ad626a752e9e16f06d0c5aa2835f32c6a8369766b9e50b8bbdec719bb

    • SHA512

      7876a5ed1d25131690476492b48b5b21dfb45622b95e89600676fb40abd7e5e8eb9ba68d71a39e230493cbf462395654d8f7470cfdbadbc178c31fc72f38fed9

    • SSDEEP

      24576:pRmJkcoQricOIQxiZY1iaxj/oId791t1mCeB3IJhxsGkxl:mJZoQrbTFZY1iaxj/731mDBWhKj

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks