General

  • Target

    bef4b78b6f8b0b6f838b0aec911a91a80eefc86a88c01ac899b38c0d87e3fe2f.exe

  • Size

    1.2MB

  • Sample

    241109-d3n6payrfp

  • MD5

    9b25bf9d1b617ff88c10da68711b27cf

  • SHA1

    dd61400ce42ee8029733d69d53181fa8b78358f8

  • SHA256

    bef4b78b6f8b0b6f838b0aec911a91a80eefc86a88c01ac899b38c0d87e3fe2f

  • SHA512

    57aa4e7b54c46e6a657b443c625b92752a9b44b9331da491c4f93f72a67386857452c856d2d09f285733bf53ac2acfc94cf2fccfc44c75c7efc7fda87afba8bd

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QLjKQf0Q4GOwdhpsSN4V:f3v+7/5QLjKi0QdUzV

Malware Config

Extracted

Family

vipkeylogger

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.deelumoulds.in
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Dv?X6s?K@&X?

Targets

    • Target

      bef4b78b6f8b0b6f838b0aec911a91a80eefc86a88c01ac899b38c0d87e3fe2f.exe

    • Size

      1.2MB

    • MD5

      9b25bf9d1b617ff88c10da68711b27cf

    • SHA1

      dd61400ce42ee8029733d69d53181fa8b78358f8

    • SHA256

      bef4b78b6f8b0b6f838b0aec911a91a80eefc86a88c01ac899b38c0d87e3fe2f

    • SHA512

      57aa4e7b54c46e6a657b443c625b92752a9b44b9331da491c4f93f72a67386857452c856d2d09f285733bf53ac2acfc94cf2fccfc44c75c7efc7fda87afba8bd

    • SSDEEP

      24576:ffmMv6Ckr7Mny5QLjKQf0Q4GOwdhpsSN4V:f3v+7/5QLjKi0QdUzV

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks