General
-
Target
03102024051302102024FACTURA.rar
-
Size
695KB
-
Sample
241003-kge48athkn
-
MD5
90f5109f5bbd11ba8c702be2186de833
-
SHA1
275df332b13b829fef7059605d8d0bda64f86c75
-
SHA256
fa3f9413e54d6c058f7896ab80d1248c771ebc9a369642298a7eb8b51c42fb1d
-
SHA512
2fdb93bb76ba75615939e62f51423582a9ed5f653e8918c2df078b33db6a456ad7962196ea2f10c804b74bf77b2502e7ec485b2676bd56be2c2d2211a7ff0c34
-
SSDEEP
12288:+Qa9qiVJvRKug/MxiVbMpgvG0LqYnLjmiuO3JwPTuT/VG0kUAT9jzSKwl9Ny2mq:+QsNZK3M6LLj8O3JMTA/VuU8jzSKsy2t
Static task
static1
Behavioral task
behavioral1
Sample
FACTURA.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
FACTURA.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: smtp.ionos.es
Port: 587
Username: [email protected]
Password: 102#Nova#Resid2
Email To: [email protected]
Targets
-
Target
FACTURA.exe
-
Size
865KB
-
MD5
158d8d8e57ad1e305fce17d3e277cc6f
-
SHA1
0ee2ca41f4b1898838fbd3c5c44baf124c21f4fb
-
SHA256
51466536fb4a4b2f46c0344206795c49ca7a95ab1179c3c7c269a80623589477
-
SHA512
4532aae393c59d63def7feb58bafa3530a7c77def52aa44892e76b72353f1fcd416ac388e8445be7041a370a72e4df692abbab899ff0a3afd9a87be4588d608b
-
SSDEEP
12288:tTv21WRE10veA7aUJc+QS+shiCp++qsqwFnyZ7l:Fv2Q71W/OhPZryZ
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it closely resembles SnakeKeylogger, which was first seen in 2020.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that the dropped payload is not scanned.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing (the sample can change behaviour depending on the victim's locale).
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup web service to discover the infected system's external IP address, which is typically included in the exfiltrated report.
-
Suspicious use of SetThreadContext
-
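The "Command and Scripting Interpreter: PowerShell" signature above fires because the sample runs Add-MpPreference/Set-MpPreference to whitelist its extensions, paths and processes in Defender. The script below is an added detection example, not part of the sandbox report: it parses PowerShell ScriptBlockLogging text (Event ID 4104) for those cmdlets and extracts the exclusions they add, including the abbreviated parameter names PowerShell accepts (-ExclusionPa, -ExclusionExt) and array literals like @('a','b'). The events in SAMPLE_EVENTS are constructed for the example, not taken from this run.

```python
"""Flag PowerShell script-block log entries that add Windows Defender exclusions.

Added example (not code from the sandbox report). Input is the ScriptBlockText
of Event ID 4104 records; output is the cmdlet, canonical parameter name and
exclusion values so an analyst can see exactly what was whitelisted.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Cmdlets that change Defender preferences: Add- appends an exclusion,
# Set- replaces the whole list. Case-insensitive, as PowerShell is.
_CALL_RE = re.compile(
    r"(?P<cmdlet>(?:Add|Set)-MpPreference)\b(?P<args>[^;|\n]*)", re.IGNORECASE)
# A parameter token is whitespace, a dash and letters; requiring the leading
# whitespace keeps hyphens inside paths (C:\a-b) from being split on.
_TOKEN_RE = re.compile(r"\s-(?P<name>[A-Za-z]+)")
# Exclusion-related parameters of Set-/Add-MpPreference. PowerShell accepts any
# unambiguous prefix of a parameter name, so the log may say -ExclusionPa.
_EXCLUSION_PARAMS = ("ExclusionPath", "ExclusionProcess",
                     "ExclusionExtension", "ExclusionIpAddress")


@dataclass
class Finding:
    cmdlet: str
    parameter: str
    values: List[str]


def canonical_param(name: str) -> Optional[str]:
    """Expand a (possibly abbreviated) parameter name; None if not an exclusion
    parameter or if the prefix is ambiguous (PowerShell would reject it too)."""
    n = name.lower()
    hits = [p for p in _EXCLUSION_PARAMS if p.lower().startswith(n)]
    return hits[0] if len(hits) == 1 else None


def split_values(raw: str) -> List[str]:
    """Turn 'exe,rar', '"a", \'b\'' or @('a','b') into a list of bare values."""
    raw = raw.strip()
    if raw.startswith("@(") and raw.endswith(")"):
        raw = raw[2:-1]
    values = [v.strip().strip("'\"") for v in raw.split(",")]
    return [v for v in values if v]


def parse_exclusions(script_text: str) -> List[Finding]:
    """Return one Finding per exclusion parameter passed to Add-/Set-MpPreference."""
    findings = []
    for call in _CALL_RE.finditer(script_text):
        args = call.group("args")
        tokens = list(_TOKEN_RE.finditer(args))
        for i, tok in enumerate(tokens):
            param = canonical_param(tok.group("name"))
            if param is None:
                continue
            # The value runs from this parameter to the next "-Name" token.
            end = tokens[i + 1].start() if i + 1 < len(tokens) else len(args)
            values = split_values(args[tok.end():end])
            if values:
                findings.append(Finding(call.group("cmdlet"), param, values))
    return findings


def scan_events(events) -> List[Tuple[int, Finding]]:
    """Run parse_exclusions over 4104-style records; returns (RecordId, Finding)."""
    return [(ev["RecordId"], f)
            for ev in events
            for f in parse_exclusions(ev["ScriptBlockText"])]


# Constructed sample events (not from the sandbox run): one benign query,
# three tampering variants, and a string that merely mentions the parameter.
SAMPLE_EVENTS = [
    {"RecordId": 101, "ScriptBlockText": "Get-MpPreference | Select-Object ExclusionPath"},
    {"RecordId": 102, "ScriptBlockText": "Add-MpPreference -ExclusionExtension exe,rar -Force"},
    {"RecordId": 103, "ScriptBlockText":
        'Set-MpPreference -ExclusionPa "C:\\Users\\Public", \'C:\\ProgramData\\svc\''},
    {"RecordId": 104, "ScriptBlockText":
        "add-mppreference -ExclusionProcess @('FACTURA.exe','powershell.exe'); Start-Sleep 1"},
    {"RecordId": 105, "ScriptBlockText": "Write-Output '-ExclusionPath is a Defender parameter'"},
]

if __name__ == "__main__":
    for record_id, finding in scan_events(SAMPLE_EVENTS):
        print(f"[{record_id}] {finding.cmdlet} {finding.parameter}: {', '.join(finding.values)}")
```

Only the cmdlet matters for the match, so Get-MpPreference queries and plain strings containing "-ExclusionPath" are not flagged; a Set-MpPreference hit deserves extra attention because it replaces, rather than extends, the existing exclusion list.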
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter (1)
    PowerShell (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (2)
    Credentials In Files (2)