General
-
Target
1SccExdhYCwi9NS.exe
-
Size
789KB
-
Sample
241025-nphrvszcjn
-
MD5
a4f12b1e186febfa71ae912ee06b924b
-
SHA1
8d51c1f9a3b814bc30366678d6d3eb75ec8e9303
-
SHA256
259403bd5fd2ed0dc8744a5444dd16c3595feaa977bd507d1966e26b664ba282
-
SHA512
43785a06f8a09d7ea796f9c1caedff969d4343ab5be7c0d596f9f0f81b55f43f7fc16ea72321a4d36cce191c395c355187fb585eed6a2d17d3239170fbb24504
-
SSDEEP
12288:mFCqGjURqgdb3zxQhGJH2y4fDxuvdXjgQDxNeKH1srb:mF0jQqgdb3liq2y4xuvvDDXH1sr
Static task
static1
Behavioral task
behavioral1
Sample
1SccExdhYCwi9NS.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
1SccExdhYCwi9NS.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
tonicables.top - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@ - Email To:
[email protected]
Targets
-
-
Target
1SccExdhYCwi9NS.exe
-
Size
789KB
-
MD5
a4f12b1e186febfa71ae912ee06b924b
-
SHA1
8d51c1f9a3b814bc30366678d6d3eb75ec8e9303
-
SHA256
259403bd5fd2ed0dc8744a5444dd16c3595feaa977bd507d1966e26b664ba282
-
SHA512
43785a06f8a09d7ea796f9c1caedff969d4343ab5be7c0d596f9f0f81b55f43f7fc16ea72321a4d36cce191c395c355187fb585eed6a2d17d3239170fbb24504
-
SSDEEP
12288:mFCqGjURqgdb3zxQhGJH2y4fDxuvdXjgQDxNeKH1srb:mF0jQqgdb3liq2y4xuvvDDXH1sr
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2