General
-
Target
CertificadoFNMT-RCM.exe
-
Size
784KB
-
Sample
241022-hyn3cavgrr
-
MD5
d5124313ebf51a883392d6171e9b7049
-
SHA1
72c137198f1893be9f5a73a89967889895160117
-
SHA256
6aa4aecddd8e0ffc3b3cee5987c88d34eb7cb048cb5a42983b2b223875182bd4
-
SHA512
dfda9be5f1641ab3567f483cb80d340fefa30ec893ba9af42d687726f8ef07d2ee7457ae45a10e3f6d087206693e01239f2c3ec3e9aaa23b9dab21f371c453fd
-
SSDEEP
12288:I5gGipxkBKTBX7yFUJFLoEaOAUGsoj5eTZa86q+gdD3/86DtrmT9cPfRNLiyi7TH:5GiwB4NyF8olhRj5eKq+Y/gcHv+yIdv
Static task
static1
Behavioral task
behavioral1
Sample
CertificadoFNMT-RCM.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
CertificadoFNMT-RCM.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7500341588:AAHsqawFdC2urnq1E6blZy5E3r-OiJvH9ZA/sendMessage?chat_id=7267131103
Targets
-
-
Target
CertificadoFNMT-RCM.exe
-
Size
784KB
-
MD5
d5124313ebf51a883392d6171e9b7049
-
SHA1
72c137198f1893be9f5a73a89967889895160117
-
SHA256
6aa4aecddd8e0ffc3b3cee5987c88d34eb7cb048cb5a42983b2b223875182bd4
-
SHA512
dfda9be5f1641ab3567f483cb80d340fefa30ec893ba9af42d687726f8ef07d2ee7457ae45a10e3f6d087206693e01239f2c3ec3e9aaa23b9dab21f371c453fd
-
SSDEEP
12288:I5gGipxkBKTBX7yFUJFLoEaOAUGsoj5eTZa86q+gdD3/86DtrmT9cPfRNLiyi7TH:5GiwB4NyF8olhRj5eKq+Y/gcHv+yIdv
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
ee260c45e97b62a5e42f17460d406068
-
SHA1
df35f6300a03c4d3d3bd69752574426296b78695
-
SHA256
e94a1f7bcd7e0d532b660d0af468eb3321536c3efdca265e61f9ec174b1aef27
-
SHA512
a98f350d17c9057f33e5847462a87d59cbf2aaeda7f6299b0d49bb455e484ce4660c12d2eb8c4a0d21df523e729222bbd6c820bf25b081bc7478152515b414b3
-
SSDEEP
192:eF24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol9Sl:h8QIl975eXqlWBrz7YLOl9
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2