General

  • Target

    373b92a75852ad139f31fb80c61214c980cb8e58a614039cb3801844b526fb0c

  • Size

    854KB

  • Sample

    241004-bg6shazekg

  • MD5

    22268e1a82addc20945284fe32cfd379

  • SHA1

    250f46c8248b31ba24d9d86f1bb48e6bf7d2991a

  • SHA256

    373b92a75852ad139f31fb80c61214c980cb8e58a614039cb3801844b526fb0c

  • SHA512

    dc14211687f3bbeba84602a9794ed64fff769a9228c6ae0aaaf69dc9de9be238e2832867f13621441efafe083817bb9a07544e9d0e19ccde0cdcb04e10007a75

  • SSDEEP

    12288:3hiRx+9tkp5RE1Of9A7whWemYLZmlKexNdKiexaSQIRu0lZ1qsHpgxxvbxynf+yy:kYtaRE1WAkkBDBAx1X6m0peJP+v

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.d-excel.com.ph
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    JPRilveria@88

Extracted

Family

vipkeylogger

Targets

    • Target

      01-10-2024_Route Rider.exe

    • Size

      1.2MB

    • MD5

      feb49c818a4d7e72318637768d254258

    • SHA1

      c5fcf98829988b0bdbe22deb5a01be8da3a2f589

    • SHA256

      f1364065e994a13924953a7ae7757b84aad616fc733acb897e4f0cca9db9c9ce

    • SHA512

      867c4e29b9b4f11d1cb237a0f0bee6315c40f49465b3d4783482a347681f2d4bbdd97d6ebd83ab7f1664a0fae50293a82583d55738a35c512f0a02ddc5d5227f

    • SSDEEP

      24576:ffmMv6Ckr7Mny5QLYAqKhOhiF+MkLljxhp8K7g:f3v+7/5QLYTsF3mxhhg

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks