General

  • Target

    24c6d52deb03904ffdfab367e71f0bd7339495d8684a6b23b4bf7e0678986af9.exe

  • Size

    503KB

  • Sample

    241005-bhr1qs1cjd

  • MD5

    a8173d12fb93c094294ea2847d45bd52

  • SHA1

    bbeb26652779d928d655df4419035f917cd099e6

  • SHA256

    24c6d52deb03904ffdfab367e71f0bd7339495d8684a6b23b4bf7e0678986af9

  • SHA512

    0fe4bf9504f6f1e14f37a3d2cf6146c56bb97fa16704ec4cbe117c155a5f2021112c6f77cfa3169959348a382e29d5950ca55f176b6575082780a78cafae753c

  • SSDEEP

    12288:vhSF4nneptwUHCQ9BelL91hiV0kqLFk0hyS2Bjg0QjMH7WGjF+KiwirSupy8:vhvgdRqWF+dwirSuF

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      24c6d52deb03904ffdfab367e71f0bd7339495d8684a6b23b4bf7e0678986af9.exe

    • Size

      503KB

    • MD5

      a8173d12fb93c094294ea2847d45bd52

    • SHA1

      bbeb26652779d928d655df4419035f917cd099e6

    • SHA256

      24c6d52deb03904ffdfab367e71f0bd7339495d8684a6b23b4bf7e0678986af9

    • SHA512

      0fe4bf9504f6f1e14f37a3d2cf6146c56bb97fa16704ec4cbe117c155a5f2021112c6f77cfa3169959348a382e29d5950ca55f176b6575082780a78cafae753c

    • SSDEEP

      12288:vhSF4nneptwUHCQ9BelL91hiV0kqLFk0hyS2Bjg0QjMH7WGjF+KiwirSupy8:vhvgdRqWF+dwirSuF

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      dd87a973e01c5d9f8e0fcc81a0af7c7a

    • SHA1

      c9206ced48d1e5bc648b1d0f54cccc18bf643a14

    • SHA256

      7fb0f8d452fefaac789986b933df050f3d3e4feb8a8d9944ada995f572dcdca1

    • SHA512

      4910b39b1a99622ac8b3c42f173bbe7035ac2f8d40c946468e7db7e2868a2da81ea94da453857f06f39957dd690c7f1ba498936a7aaa0039975e472376f92e8f

    • SSDEEP

      192:VFiQJ77pJp17C8F1A5xjGNxrgFOgb7lrT/993:97pJp48F2exrg5F/9

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks