General

  • Target

    e8f788ca747a6d343b0289e30f70df5ca8776d89150ff282e8053662394e2008

  • Size

    903KB

  • Sample

    241001-af2xgsvhmf

  • MD5

    64428c195e6ed9d1a46ad0025ff80247

  • SHA1

    8fecce62f3361683ac34fec243a2ed8f970196df

  • SHA256

    e8f788ca747a6d343b0289e30f70df5ca8776d89150ff282e8053662394e2008

  • SHA512

    286f57ce1a508733d33ae8fe33e1ab2497675f83c9fac30f51c0ac485636e7be69cc8f06240c519192bdb773300d6366fb82ca15e21e518520d96eb36d6fb158

  • SSDEEP

    24576:KlYhPmOBR/NhxATUWhO4wg1nLD4fnf/b9DGqL:RhPmeR1h+fhP1LD4frrL

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.akguneselektrik.com
  • Port:
    21
  • Username:
    akgunes
  • Password:
    9H5xQVGg

Extracted

Family

vipkeylogger

Targets

    • Target

      doc 20241001899988qa900010.exe

    • Size

      1.2MB

    • MD5

      dbefc107b604850b02d37c21d7a5b678

    • SHA1

      42e0be115317e64cc5dd9afd83533719142a11a7

    • SHA256

      0f104b87d9b6c55e9984d7fd7ba104aaf405a446d215e4d5187facd0b05ffd07

    • SHA512

      925edec21c2d2d43011e8acf58b45f68a89a16e2acf516fe52fa39267ca000a0a5bae41bf89244f11f328646d0ae4c0a936ce1dce1cfcf252b2eb53449a98ee3

    • SSDEEP

      24576:ffmMv6Ckr7Mny5QLLUuhg4Eg5nL/STnvpb9NsCF:f3v+7/5QLVhJ5L/STFlF

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks