General

  • Target

    03102024_0513_02102024_FACTURA.rar

  • Size

    695KB

  • Sample

    241003-fwsawawern

  • MD5

    90f5109f5bbd11ba8c702be2186de833

  • SHA1

    275df332b13b829fef7059605d8d0bda64f86c75

  • SHA256

    fa3f9413e54d6c058f7896ab80d1248c771ebc9a369642298a7eb8b51c42fb1d

  • SHA512

    2fdb93bb76ba75615939e62f51423582a9ed5f653e8918c2df078b33db6a456ad7962196ea2f10c804b74bf77b2502e7ec485b2676bd56be2c2d2211a7ff0c34

  • SSDEEP

    12288:+Qa9qiVJvRKug/MxiVbMpgvG0LqYnLjmiuO3JwPTuT/VG0kUAT9jzSKwl9Ny2mq:+QsNZK3M6LLj8O3JMTA/VuU8jzSKsy2t

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      FACTURA.exe

    • Size

      865KB

    • MD5

      158d8d8e57ad1e305fce17d3e277cc6f

    • SHA1

      0ee2ca41f4b1898838fbd3c5c44baf124c21f4fb

    • SHA256

      51466536fb4a4b2f46c0344206795c49ca7a95ab1179c3c7c269a80623589477

    • SHA512

      4532aae393c59d63def7feb58bafa3530a7c77def52aa44892e76b72353f1fcd416ac388e8445be7041a370a72e4df692abbab899ff0a3afd9a87be4588d608b

    • SSDEEP

      12288:tTv21WRE10veA7aUJc+QS+shiCp++qsqwFnyZ7l:Fv2Q71W/OhPZryZ

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks