General

  • Target

    1SccExdhYCwi9NS.exe

  • Size

    789KB

  • Sample

    241025-nphrvszcjn

  • MD5

    a4f12b1e186febfa71ae912ee06b924b

  • SHA1

    8d51c1f9a3b814bc30366678d6d3eb75ec8e9303

  • SHA256

    259403bd5fd2ed0dc8744a5444dd16c3595feaa977bd507d1966e26b664ba282

  • SHA512

    43785a06f8a09d7ea796f9c1caedff969d4343ab5be7c0d596f9f0f81b55f43f7fc16ea72321a4d36cce191c395c355187fb585eed6a2d17d3239170fbb24504

  • SSDEEP

    12288:mFCqGjURqgdb3zxQhGJH2y4fDxuvdXjgQDxNeKH1srb:mF0jQqgdb3liq2y4xuvvDDXH1sr

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      1SccExdhYCwi9NS.exe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext
