General
-
Target
Purchase Order_1.gz
-
Size
804KB
-
Sample
241021-lfw7saybra
-
MD5
39c0deb7a8fc01d3b45e524beb2d18a9
-
SHA1
1e88ec0b107b48589d9fe5974f393679c4a8dccf
-
SHA256
20da25bca1f4271a35afbe1ec76ef9eb54381439bef84fac8e951cf0ed7d9eb1
-
SHA512
fbc2f105523c982b7e03cbb144f003183a8ebf588bd13af4cc9e8e13974aaed1d08449682f838560ad21e85a01b3c312362774e7544df4a8f9f3ba3a17be5e00
-
SSDEEP
24576:aXKLIcFtiEcIE2sr3z/jE6H5M8ozpCpntmWQUM2:a6L/tAxbEMozAnjn
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Purchase Order.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
hosting1.ro.hostsailor.com - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@@ - Email To:
[email protected]
Targets
-
-
Target
Purchase Order.exe
-
Size
1.0MB
-
MD5
46ae79c53627f188d4c316adb7635524
-
SHA1
653fc3ca8b9e79295a59428fe0842ec79060fb75
-
SHA256
05ca345e803d5783617f8b14194428eb79aa486e0b239ae5656847363729a703
-
SHA512
f028f09d39606821bec5b6f3a12882f3738a86094b435f7f4d3b1e4415ad5bfefbfa456b9a3bb6b976b7bee26c6363281b2cb7755943d0239ca77f8354f363fb
-
SSDEEP
24576:/o8RUr/5+1TtuEoIEMMZ3l/j8Sb9uASz343NHmI8QIoG:/h+/0ltw5b84SzgNLM
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
3f176d1ee13b0d7d6bd92e1c7a0b9bae
-
SHA1
fe582246792774c2c9dd15639ffa0aca90d6fd0b
-
SHA256
fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e
-
SHA512
0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6
-
SSDEEP
192:OPtkumJX7zB22kGwfy0mtVgkCPOsX1un:/702k5qpdsXQn
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2