General
-
Target
nº 7064-2024.exe
-
Size
1007KB
-
Sample
241025-rnfgwssalp
-
MD5
896d5fba336a53de81119d748c423d0d
-
SHA1
1fe1eb8613bdd029a3d6fef114d6bbcea8c938b4
-
SHA256
1e91b915d4132fcd5e923a83c6070af72045261fb5cb972f3b4497a4dc8dfcb2
-
SHA512
8c15bdc196b52ca01994bda11c29925a10373d4b402b55271137fe6f7d37057beccb14d4a9ec9445bfe25f6e820592cc36086b4d3e411248d3a151ce5ca17474
-
SSDEEP
24576:vHg/r/z2VFQhvni26fI0b6e4BAWMIRdGeBYTw2H2:I/z2VAn6ZUnZSTs
Static task
static1
Behavioral task
behavioral1
Sample
nº 7064-2024.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
nº 7064-2024.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
panta.home.pl - Port:
587 - Username:
[email protected] - Password:
PANTA#Gda$2023 - Email To:
[email protected]
Targets
-
-
Target
nº 7064-2024.exe
-
Size
1007KB
-
MD5
896d5fba336a53de81119d748c423d0d
-
SHA1
1fe1eb8613bdd029a3d6fef114d6bbcea8c938b4
-
SHA256
1e91b915d4132fcd5e923a83c6070af72045261fb5cb972f3b4497a4dc8dfcb2
-
SHA512
8c15bdc196b52ca01994bda11c29925a10373d4b402b55271137fe6f7d37057beccb14d4a9ec9445bfe25f6e820592cc36086b4d3e411248d3a151ce5ca17474
-
SSDEEP
24576:vHg/r/z2VFQhvni26fI0b6e4BAWMIRdGeBYTw2H2:I/z2VAn6ZUnZSTs
-
Guloader family
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
fccff8cb7a1067e23fd2e2b63971a8e1
-
SHA1
30e2a9e137c1223a78a0f7b0bf96a1c361976d91
-
SHA256
6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
-
SHA512
f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
-
SSDEEP
192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2