General
-
Target
DHL AWB - COMMERCIAL INVOICE AND BL.exe
-
Size
1.0MB
-
Sample
241018-hysersteka
-
MD5
436ad3b0e1d9ba029a04645dbe1e162d
-
SHA1
686aa878f98915af271917e79066fedff3bc1668
-
SHA256
d08c94e17c56c3eef499f2076f226287443cb6cb7b724b2a3a86dd58db3d495d
-
SHA512
ed7dac8eeca142fafa058c0b3f8e8ee81e5f1ce1e2edc99d163806e1fed8a3419cbd628bea2db0e0d18c89cff56eae2a1c6c3034683ec9bde8f29066fa3e40f7
-
SSDEEP
24576:ogdsQJsi3HpjIsRbvqrWk5Tf2SCHYAC+IS:oTUJjI8qyCT+SpAC+IS
Static task
static1
Behavioral task
behavioral1
Sample
DHL AWB - COMMERCIAL INVOICE AND BL.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
DHL AWB - COMMERCIAL INVOICE AND BL.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.fibraunollc.top - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@@ - Email To:
[email protected]
Targets
-
-
Target
DHL AWB - COMMERCIAL INVOICE AND BL.exe
-
Size
1.0MB
-
MD5
436ad3b0e1d9ba029a04645dbe1e162d
-
SHA1
686aa878f98915af271917e79066fedff3bc1668
-
SHA256
d08c94e17c56c3eef499f2076f226287443cb6cb7b724b2a3a86dd58db3d495d
-
SHA512
ed7dac8eeca142fafa058c0b3f8e8ee81e5f1ce1e2edc99d163806e1fed8a3419cbd628bea2db0e0d18c89cff56eae2a1c6c3034683ec9bde8f29066fa3e40f7
-
SSDEEP
24576:ogdsQJsi3HpjIsRbvqrWk5Tf2SCHYAC+IS:oTUJjI8qyCT+SpAC+IS
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
3f176d1ee13b0d7d6bd92e1c7a0b9bae
-
SHA1
fe582246792774c2c9dd15639ffa0aca90d6fd0b
-
SHA256
fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e
-
SHA512
0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6
-
SSDEEP
192:OPtkumJX7zB22kGwfy0mtVgkCPOsX1un:/702k5qpdsXQn
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2