General
Target: Quote_ECM129_ Kumbih III.exe
Size: 768KB
Sample: 241005-r1rqpazcrh
MD5: a64f55c455631910a1595caf9d0bcaf9
SHA1: 3da206d05549d6ffabdcdc66b4d7a41024edac81
SHA256: c0a29427c44b0c2ddad15953d29d0772f281d4d9cd0673ca14f74d571169c4c7
SHA512: b68153968e4b972873e7bedcdcc5f5fdb52720aa87adeeedc8557aff7fd1e93da9ebcb89da559448c0fc9e6c44fd50b77317c3b35436030af8cdd993e1347611
SSDEEP: 12288:9LQ6BUXfbs6+kxUH7xqluJ+g9RLqBRJi25azqMu4UXL2L:9sIUXfekxUNlJnTmB7t4UXS
Static task: static1
Behavioral task: behavioral1
Sample: Quote_ECM129_ Kumbih III.exe
Resource: win11-20240802-en
Malware Config
Extracted family: vipkeylogger
Protocol: smtp
Host: mail.aewn.buzz
Port: 587
Username: [email protected]
Password: 7213575aceACE@@
Email To: [email protected]
Targets
Target: Quote_ECM129_ Kumbih III.exe (768KB; hashes as listed under General)
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address.
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (2)
    Credentials In Files (2)