General
-
Target
8c1bed7e2f531c2c46235cb77fd6c0ac9c5afe06c65f71f66280537ecfbd1514
-
Size
543KB
-
Sample
240930-t4rk7sygqa
-
MD5
4c29b72097a7c3600ee92f617dff6e96
-
SHA1
a678bd33f25ddc785382f37b95bb49034925af8d
-
SHA256
8c1bed7e2f531c2c46235cb77fd6c0ac9c5afe06c65f71f66280537ecfbd1514
-
SHA512
5af5d22e6991950c6e9c61811b4231ea51530484c665d389fd2b11bf67fa5ba8ac22b8bc6df27705e0e488febbee8087e836e8bcd2820a9203aefb5f6c025e5b
-
SSDEEP
12288:b5Om3q82XSlpcO2S/RQ9SD0jCvm04+5RILa2vQfjAWXj:b5D3qPC/cOvRQS0Ovl4+RILYfjAC
Static task
static1
Behavioral task
behavioral1
Sample
enkelthederne.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
enkelthederne.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.cybertechllc.top - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@@ - Email To:
[email protected]
Targets
-
-
Target
enkelthederne.exe
-
Size
644KB
-
MD5
9d4c4e1d36074a2e8ad8260f3d59e430
-
SHA1
3c0e32b1964ae52cb9bffe0beebb8a040f9c6551
-
SHA256
c95aea5bd5101ad02279840c6f58a7df8493476676c51957eced27380558672d
-
SHA512
55cd8f9022b90f6747a7b9af511e97639d7507bd5b8b6ef9e10c9a3e9ddbe9af0f0667b056570425ac82578a222ff6b78ea84d9b5948a4bebc28171cf9aa6df2
-
SSDEEP
12288:1fVMwIh2rsrcLnmleYnf25bAbeLyd1jkHRQtXu/seS8HR/V:19VB4gLnmPYAeL81jkHWtXe5
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
9625d5b1754bc4ff29281d415d27a0fd
-
SHA1
80e85afc5cccd4c0a3775edbb90595a1a59f5ce0
-
SHA256
c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448
-
SHA512
dce52b640897c2e8dbfd0a1472d5377fa91fb9cf1aeff62604d014bccbe5b56af1378f173132abeb0edd18c225b9f8f5e3d3e72434aed946661e036c779f165b
-
SSDEEP
192:eX24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlqSlS:D8QIl972eXqlWBFSt273YOlqz
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2