General
- Target: 8cc53b82d9a58a0341d7d37b92024d00b05fa0839264f45e31165884160cf564N
- Size: 700KB
- Sample: 241005-jbh39ashmq
- MD5: ff01693e0b3899ffa568ddccecda24a0
- SHA1: 75ff45a7828cf4e9a90b2e675ab66e76178fa1da
- SHA256: 8cc53b82d9a58a0341d7d37b92024d00b05fa0839264f45e31165884160cf564
- SHA512: 3aeb235f1ca155bc4c0ab8e1defafa934850ba0e23aa981075a41cd5206d46b57557c648a9c3885062781f428d02c72b3b3d897d119fc3e734e9095982d96a93
- SSDEEP: 12288:0dWwUGjw3yDKPjcWOrYgsPNQPRIEdJBrODh5l0xlVvtxU7k4a3cQYzKVoa:8UGOyD4jWrz7PuEdfrOFsBxQkDcQ3oa
Static task
- static1

Behavioral task
- behavioral1
- Sample: 8cc53b82d9a58a0341d7d37b92024d00b05fa0839264f45e31165884160cf564N.exe
- Resource: win7-20240903-en

Behavioral task
- behavioral2
- Sample: 8cc53b82d9a58a0341d7d37b92024d00b05fa0839264f45e31165884160cf564N.exe
- Resource: win10v2004-20240802-en
Malware Config

Extracted (vipkeylogger)
- Protocol: smtp
- Host: mail.jhxkgroup.online
- Port: 587
- Username: [email protected]
- Password: 7213575aceACE@@
- Email To: [email protected]

Extracted
- Protocol: smtp
- Host: mail.jhxkgroup.online
- Port: 587
- Username: [email protected]
- Password: 7213575aceACE@@
Targets
- Target: 8cc53b82d9a58a0341d7d37b92024d00b05fa0839264f45e31165884160cf564N
- Size: 700KB
- MD5: ff01693e0b3899ffa568ddccecda24a0
- SHA1: 75ff45a7828cf4e9a90b2e675ab66e76178fa1da
- SHA256: 8cc53b82d9a58a0341d7d37b92024d00b05fa0839264f45e31165884160cf564
- SHA512: 3aeb235f1ca155bc4c0ab8e1defafa934850ba0e23aa981075a41cd5206d46b57557c648a9c3885062781f428d02c72b3b3d897d119fc3e734e9095982d96a93
- SSDEEP: 12288:0dWwUGjw3yDKPjcWOrYgsPNQPRIEdJBrODh5l0xlVvtxU7k4a3cQYzKVoa:8UGOyD4jWrz7PuEdfrOFsBxQkDcQ3oa
Signatures
- VIPKeylogger: VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.
- Command and Scripting Interpreter: PowerShell: Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
- Credential Access
  - Credentials from Password Stores (1)
    - Credentials from Web Browsers (1)
  - Unsecured Credentials (2)
    - Credentials In Files (2)