General
-
Target
22102024_1632_22102024_Factura CLD6154.rar
-
Size
696KB
-
Sample
241022-t1z36svapc
-
MD5
b28d066e7d9773011bc86b8da6e95e2d
-
SHA1
3ce626d83078b6a7b49947c6c70a314425a60d7e
-
SHA256
46ddbb64a770830774ff95b99e23651485fd98e9721af6500d575da9f606a35e
-
SHA512
454f3c1f0d15af539a8fcf38fc3759a0ae125b2fb9f5d5024dbf5bf80731d92a025c73c89e53e9f2914c40beea1066911feb9ddcb7ec21fe5f736cd243277020
-
SSDEEP
12288:3PEF6HUkoEYw3I+8cBbW7uZ7I+bZYdAbpfWf5RCev86+1/2hMEL1yhmCug9tjHFg:MF6HVxYw3HtpWqfVYcfWf5RCdz9EMPu7
Static task
static1
Behavioral task
behavioral1
Sample
Factura CLD6154.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
Factura CLD6154.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7777204705:AAGdGJgXaEaWvE6yXv7RvWYjJkTQCsiDnJc/sendMessage?chat_id=7698865320
Targets
-
-
Target
Factura CLD6154.exe
-
Size
782KB
-
MD5
df5e4c3fcbb003291a9799ac07c19718
-
SHA1
c73ba1d8e6e30a37cf4675d3204b15b75b330b26
-
SHA256
fd424c3fcd01bce1f07c8040bcf1c3683078c4b048528f76efc69b26b207e1a6
-
SHA512
f6bbac1abf087bcb4730e8281d07af8aa70c86b5c476338df58cb042ff6629bcfc51e57a2ed4f18f444c53a2f2f914e170b1a2e73161701db9bbf26b7b3cc3f9
-
SSDEEP
12288:I5gGipxk+Kugo1xj+ZY9SQ7ax6q+gdD3/86DtrmT9cPfRNLiyi7TRd8:5Giw+Jn9SQ5q+Y/gcHv+yId8
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
ee260c45e97b62a5e42f17460d406068
-
SHA1
df35f6300a03c4d3d3bd69752574426296b78695
-
SHA256
e94a1f7bcd7e0d532b660d0af468eb3321536c3efdca265e61f9ec174b1aef27
-
SHA512
a98f350d17c9057f33e5847462a87d59cbf2aaeda7f6299b0d49bb455e484ce4660c12d2eb8c4a0d21df523e729222bbd6c820bf25b081bc7478152515b414b3
-
SSDEEP
192:eF24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol9Sl:h8QIl975eXqlWBrz7YLOl9
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2