General
Target: d47cf218c7f1a32c556e0501c3d1f00c420fa75ace47ad2b4fd6242aec388580.exe
Size: 632KB
Sample: 241109-d9c21awlfx
MD5: 95359158d57fb8ceb0093d85bdec58b4
SHA1: 50c7d83505c11307084313f5a6badb7dbf619b75
SHA256: d47cf218c7f1a32c556e0501c3d1f00c420fa75ace47ad2b4fd6242aec388580
SHA512: ab76232fb8252ed72f12c6ddef03b4cdfa729d89e9eb735e32d6a5bd9d202ab5b1690a0fdb28a36d345238ce3231b2789e75ae5a6e2d25af13cdbc6876a45cba
SSDEEP: 12288:ONBi378EzqgDY62EJNSGI4GoI2iJK06rNkRDjGQB7F0PgvD5Fb7q:ONg37HqO/hsGjIP4HNktGQMPgNpq
Static task: static1
Behavioral task: behavioral1
  Sample: d47cf218c7f1a32c556e0501c3d1f00c420fa75ace47ad2b4fd6242aec388580.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: d47cf218c7f1a32c556e0501c3d1f00c420fa75ace47ad2b4fd6242aec388580.exe
  Resource: win10v2004-20241007-en
Behavioral task: behavioral3
  Sample: Analytiske.ps1
  Resource: win7-20240903-en
Behavioral task: behavioral4
  Sample: Analytiske.ps1
  Resource: win10v2004-20241007-en
Malware Config
Extracted: vipkeylogger
  Protocol: smtp
  Host: smtp.ionos.fr
  Port: 587
  Username: [email protected]
  Password: Rajahsouthfruits5
  Email To: [email protected]
Targets
Target: d47cf218c7f1a32c556e0501c3d1f00c420fa75ace47ad2b4fd6242aec388580.exe
Size: 632KB
MD5: 95359158d57fb8ceb0093d85bdec58b4
SHA1: 50c7d83505c11307084313f5a6badb7dbf619b75
SHA256: d47cf218c7f1a32c556e0501c3d1f00c420fa75ace47ad2b4fd6242aec388580
SHA512: ab76232fb8252ed72f12c6ddef03b4cdfa729d89e9eb735e32d6a5bd9d202ab5b1690a0fdb28a36d345238ce3231b2789e75ae5a6e2d25af13cdbc6876a45cba
SSDEEP: 12288:ONBi378EzqgDY62EJNSGI4GoI2iJK06rNkRDjGQB7F0PgvD5Fb7q:ONg37HqO/hsGjIP4HNktGQMPgNpq
Signatures:
  VIPKeylogger
    VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.
  Vipkeylogger family
  Loads dropped DLL
  Accesses Microsoft Outlook profiles
  Legitimate hosting services abused for malware hosting/C2
  Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP address.
  Suspicious use of NtCreateThreadExHideFromDebugger
  Suspicious use of NtSetInformationThreadHideFromDebugger
Target: Analytiske.Ant
Size: 52KB
MD5: 64473712892d67203242c7904c6ffd81
SHA1: 72d869d49607487d0ae85da693aacc42709339e2
SHA256: 9c845196deca4a4738d5bee70cc2169f1dbec420b7d340b5d40642a41287a9a6
SHA512: 0c8ad907a17bda49371ebca2c4d390347c99c48c13c10c245691113aa087b3ea65fb0811ea623dcd4257f3cc0eca1615ce40d5e2b1cda623356a84e9c18b0383
SSDEEP: 1536:/5kp6eLO4rqfz/CetjrxBy9IiNS0DDMWOSq1+:yp61Dbaan8BDDMr31+
Score: 8/10
Signatures:
  Boot or Logon Autostart Execution: Active Setup
    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Credential Access
  Credentials from Password Stores: 1
    Credentials from Web Browsers: 1
  Unsecured Credentials: 2
    Credentials In Files: 2