General

  • Target

    sr01fduyUJe6O2V.exe

  • Size

    858KB

  • Sample

    241003-kpt84svbrm

  • MD5

    d237ebe34f35a9ffe99f5efe0474c1e2

  • SHA1

    573c4774a52cc9ebc7e7408f944ac7f3a27d2fb1

  • SHA256

    ebf5271d5f3a9a052cd487e949d80ca43d84bb108dd0cf0c773f2139a57c6137

  • SHA512

    9393d9605d72382f7dc154e0dfc7aacd7f0f740c0c3ec7fc3e94a366111edbbb1ca2f64b85cd9f12bd7bccad25d74ed16cff19162b44b95127e61ccc227b9f05

  • SSDEEP

    12288:ITvsX+yIRHTkJkgD4QhcmO43HW38kyzGFfh4hqurvn1AXVDaqU7od:EvsXYhikwthzO0238BzGFJ4o69UVaqj

Malware Config

Extracted

  • Family

    vipkeylogger

  • Credentials

Targets

    • Target

      sr01fduyUJe6O2V.exe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that the malware's files and processes are not scanned.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check to avoid running in certain regions.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to determine the infected system's external IP address.

    • Suspicious use of SetThreadContext
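
The signatures listed above are the kind of behaviour a sandbox flags from process, registry, file, network and API events. As an added example that is not part of this report or of the sandbox's own rule set, the Python below replays a handful of constructed events of those kinds and maps them to the signature names used here. The registry paths, profile locations, IP-echo hosts and ATT&CK technique IDs it uses are assumptions chosen to illustrate each check, not values extracted from this sample.

```python
import re
from dataclasses import dataclass


@dataclass
class Event:
    """One constructed sandbox-style event (not real telemetry from this sample)."""
    kind: str  # "process", "registry", "file", "network" or "api"
    data: str  # command line, registry path, file path, URL or API name


@dataclass
class Finding:
    signature: str  # signature name as the report lists it
    technique: str  # assumed ATT&CK mapping, not taken from the report
    evidence: str


# Defender tampering through PowerShell: Add-/Set-MpPreference with any
# -ExclusionPath / -ExclusionExtension / -ExclusionProcess switch.
POWERSHELL = re.compile(r"(?i)\b(powershell|pwsh)(\.exe)?\b")
DEFENDER_EXCLUSION = re.compile(
    r"(?i)\b(Add|Set)-MpPreference\b.*-Exclusion(Path|Extension|Process)\b"
)

# Assumption: Windows keeps the configured country (GeoID) under this key;
# the report only says "country code configured in the registry".
GEO_KEY_MARKER = r"control panel\international\geo"

# Assumption: Outlook profile data lives under the versioned Office key.
OUTLOOK_PROFILE_KEY = re.compile(
    r"(?i)software\\microsoft\\office\\\d+\.\d+\\outlook\\profiles"
)

# Assumed on-disk profile locations (lower-cased substrings to look for).
BROWSER_PROFILE_MARKERS = (
    r"\google\chrome\user data",
    r"\microsoft\edge\user data",
    r"\mozilla\firefox\profiles",
)
EMAIL_PROFILE_MARKERS = (r"\thunderbird\profiles", r"\microsoft\outlook")

# Assumed examples of public IP-echo services; the report does not name one.
IP_LOOKUP_HOSTS = ("checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ifconfig.me")


def triage(events):
    """Return one Finding per event that matches a signature; benign events yield nothing."""
    findings = []
    for ev in events:
        low = ev.data.lower()
        if ev.kind == "process" and POWERSHELL.search(ev.data) and DEFENDER_EXCLUSION.search(ev.data):
            findings.append(Finding("Command and Scripting Interpreter: PowerShell",
                                    "T1059.001 / T1562.001", ev.data))
        elif ev.kind == "registry" and GEO_KEY_MARKER in low:
            findings.append(Finding("Checks computer location settings", "T1614", ev.data))
        elif ev.kind == "registry" and OUTLOOK_PROFILE_KEY.search(ev.data):
            findings.append(Finding("Accesses Microsoft Outlook profiles", "T1114.001", ev.data))
        elif ev.kind == "file" and any(m in low for m in BROWSER_PROFILE_MARKERS):
            findings.append(Finding("Reads user/profile data of web browsers", "T1555.003", ev.data))
        elif ev.kind == "file" and any(m in low for m in EMAIL_PROFILE_MARKERS):
            findings.append(Finding("Reads user/profile data of local email clients", "T1114.001", ev.data))
        elif ev.kind == "network" and any(h in low for h in IP_LOOKUP_HOSTS):
            findings.append(Finding("Looks up external IP address via web service", "T1016", ev.data))
        elif ev.kind == "api" and low == "setthreadcontext":
            findings.append(Finding("Suspicious use of SetThreadContext", "T1055", ev.data))
    return findings


def signatures(findings):
    """Distinct signature names, in the order first seen."""
    return list(dict.fromkeys(f.signature for f in findings))


# Constructed events that exercise every rule plus one benign process launch.
SAMPLE_EVENTS = [
    Event("process", 'powershell.exe -NoProfile -Command Add-MpPreference '
                     '-ExclusionPath "C:\\Users\\Public" -ExclusionExtension ".exe" '
                     '-ExclusionProcess "sr01fduyUJe6O2V.exe"'),
    Event("registry", r"HKCU\Control Panel\International\Geo\Nation"),
    Event("file", r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event("file", r"C:\Users\user\AppData\Roaming\Thunderbird\Profiles\abcd1234.default\logins.json"),
    Event("registry", r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    Event("network", "http://checkip.dyndns.org/"),
    Event("api", "SetThreadContext"),
    Event("process", r"C:\Windows\System32\notepad.exe C:\Users\user\notes.txt"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f.technique}] {f.signature}: {f.evidence}")
```

Each rule keys on a different event type, so the benign notepad launch and a PowerShell command without an -Exclusion* switch produce no finding; in a real pipeline the same matcher would run over process-creation (4688 / Sysmon 1), registry (Sysmon 12/13), file and DNS telemetry rather than the constructed list above.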

MITRE ATT&CK Enterprise v15

Tasks