General

  • Target

    Catalogue-parts-order1290

  • Size

    993KB

  • Sample

    241028-rl4rps1ejb

  • MD5

    109999f2dd1c17c2f9824fe52d15857b

  • SHA1

    ccc28bea9a2d7f888291a3ff846a6f820509f1a8

  • SHA256

    cf6800448bd20938d5e58be636dac9fd95ada3b8a2360a0e27672726d9c16f87

  • SHA512

    9c260cd2764d4a6b33b2a119825c6ce0e3e759cecf02adfe10e1ed72d0e2e5e86de4f5660437c1bbadb9e53a76bd74e3966054daff3b3d7b9a173c98a58d4d26

  • SSDEEP

    12288:tqiMp5vpmVSD/bqepRjrByHHjXEbDbMifHzF6rWowo3lItWMTCJqCOl1:RMqObqe7jrmHjXEPbMifTcrh9+tW40O3

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      Catalogue-parts-order1290

    • Size

      993KB

    • MD5

      109999f2dd1c17c2f9824fe52d15857b

    • SHA1

      ccc28bea9a2d7f888291a3ff846a6f820509f1a8

    • SHA256

      cf6800448bd20938d5e58be636dac9fd95ada3b8a2360a0e27672726d9c16f87

    • SHA512

      9c260cd2764d4a6b33b2a119825c6ce0e3e759cecf02adfe10e1ed72d0e2e5e86de4f5660437c1bbadb9e53a76bd74e3966054daff3b3d7b9a173c98a58d4d26

    • SSDEEP

      12288:tqiMp5vpmVSD/bqepRjrByHHjXEbDbMifHzF6rWowo3lItWMTCJqCOl1:RMqObqe7jrmHjXEPbMifTcrh9+tW40O3

    • Guloader family

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    • Vipkeylogger family

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      6ad39193ed20078aa1b23c33a1e48859

    • SHA1

      95e70e4f47aa1689cc08afbdaef3ec323b5342fa

    • SHA256

      b9631423a50c666faf2cc6901c5a8d6eb2fecd306fdd2524256b7e2e37b251c2

    • SHA512

      78c89bb8c86f3b68e5314467eca4e8e922d143335081fa66b01d756303e1aec68ed01f4be7098dbe06a789ca32a0f31102f5ba408bc5ab28e61251611bb4f62b

    • SSDEEP

      96:qIsUxO9udx4qYp7AJb76BykUbQMtHUOA5Iv+RnsrqeXV+d1g2IW9t2c+cEwF9Fug:ZVL7ikJb76BQUoUm+RnyXVYO2RvHFug

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks