General

  • Target

    226999705-124613-sanlccjavap0004-67.exe

  • Size

    980KB

  • Sample

    241024-lv6d1awhmq

  • MD5

    3496733f467e1bb42564ad985eb7e4bf

  • SHA1

    a7ee45e43e2c18b48a3f7fd2db51d60d4f8a303b

  • SHA256

    bce4a013376b64f537dacb8d7667847f0d1d20f5e73494aee22cddc86af5366b

  • SHA512

    c95486995e16f19954cb3d110693c9dd9635e5fd2d75fd998974ff5479851f56118efc90f0905c698aaf2274c4aa63cd70a2316a4f829348cd540a0f7e6f36dd

  • SSDEEP

    24576:U+63T2jeQojtnk3VKvNr8xAGuwIm/yWiopvC9wd:U+/j96Lq/RaWi6Mwd

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      226999705-124613-sanlccjavap0004-67.exe

    • Size

      980KB

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Accesses Microsoft Outlook profiles

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Alphabetism.Pre

    • Size

      52KB

    • MD5

      cd7e46b01dd5a4d151b79a64c053c906

    • SHA1

      de93ac5f7194e81de277bcafcd0deb8c00308e5a

    • SHA256

      575008f2a446a1a6c7817a571622b79935b1a07316a7276b7b4308f773b7284b

    • SHA512

      96d4892c094f415d3c635bb9e9493a6d1c7ada6ea97b9b6df6a23b548511181d24dd3fd27e49df497bdcc878fb0009d2710cebbd427558cf91f89a71aeb0afa9

    • SSDEEP

      768:JDHUVejEYd2f1a5HumqMFowogGttz4h4fxdr+208dgxUr7U1yc9QCBVuQiiX:ZHUVAHd2fU5OmqMmwo3tzjdix6M7QcqY

    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks