General

  • Target

    0918c286d07c326fb7f31f1200fb61cec352b21c67099dcdc526dcbb3f97e631N

  • Size

    820KB

  • Sample

    241109-ldly2asbld

  • MD5

    db4ac563b162322d244eb7096cd7a290

  • SHA1

    6b6c7e7e4ce6039bb880bc7394a4f6469fc1d39e

  • SHA256

    0918c286d07c326fb7f31f1200fb61cec352b21c67099dcdc526dcbb3f97e631

  • SHA512

    37776a56654a9b404cd5e8f5711d8fa1bda78fe30dc17de0307f63afbcab44ebacd87d85614380313a658c48f27e4fac942f4e579e0d9c63be39258ac5f98871

  • SSDEEP

    12288:a+r35ockhNh5/CN7t+uFtrTynCSYca4xhtHG0akHpQtHyVJzi58F8X2:a++ckhpaN7/FFWmcFZfIynWCF8m

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    kashmirestore.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    tA5UkucAJ*[=

Extracted

Family

vipkeylogger

Targets

    • Target

      0918c286d07c326fb7f31f1200fb61cec352b21c67099dcdc526dcbb3f97e631N

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it closely resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Reads user/profile data of local email clients

      Email clients store some user data (profiles, account settings, cached credentials) on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to discover the infected system's external IP address, typically to tag the stolen data before exfiltration.

    • Suspicious use of SetThreadContext
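
The extracted configuration above (FTP exfiltration to kashmirestore.com on port 21) and the "Looks up external IP address via web service" behaviour together form a detectable pattern: the same process first asks a public service for its external IP and then opens an outbound FTP session to the configured host. The following is an added example, not part of the sandbox report or of the vendor's signatures. It parses a constructed key=value network-telemetry format (the log lines are made up for the example), tags each event against the report's indicators, and correlates per process. The IP-lookup hostnames are an assumption: the report only says that "a legitimate IP lookup service" is used and does not name it.

```python
import re
from collections import defaultdict

# Indicators copied from the report's extracted configuration.
C2_HOST = "kashmirestore.com"
C2_PORT = 21
C2_PROTO = "ftp"

# ASSUMPTION: the report does not name the IP-lookup service; these hostnames
# are illustrative and should be replaced with the one observed in your telemetry.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com"}

# Constructed telemetry format for the example: space-separated key=value pairs,
# values containing spaces are double-quoted.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Parse one constructed key=value telemetry line into a dict of fields."""
    return {key: val.strip('"') for key, val in KV_RE.findall(line)}


def classify(ev):
    """Return the indicator tags hit by a single network event."""
    tags = []
    host = ev.get("dst_host", "").lower()
    proto = ev.get("proto", "").lower()
    port = int(ev.get("dst_port", 0) or 0)

    if host == C2_HOST:
        # Exact match on the exfiltration host from the extracted config.
        tags.append("c2_ftp_exfil")
    elif proto == C2_PROTO and port == C2_PORT:
        # Weaker signal: plaintext FTP to an arbitrary host, worth a low-severity note.
        tags.append("ftp_outbound")
    if host in IP_LOOKUP_HOSTS:
        tags.append("external_ip_lookup")
    return tags


def scan(lines):
    """Correlate events per (endpoint, image, pid).

    A process that both looks up its external IP and talks FTP to the configured
    host matches the exfiltration chain described in the report and is rated high;
    the C2 host alone is medium; generic FTP alone is low.
    """
    per_proc = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        if not ev:
            continue
        key = (ev.get("host", "?"), ev.get("image", "?"), ev.get("pid", "?"))
        per_proc[key].update(classify(ev))

    alerts = []
    for (host, image, pid), tags in per_proc.items():
        if not tags:
            continue
        if {"c2_ftp_exfil", "external_ip_lookup"} <= tags:
            severity = "high"
        elif "c2_ftp_exfil" in tags:
            severity = "medium"
        else:
            severity = "low"
        alerts.append({"host": host, "image": image, "pid": pid,
                       "severity": severity, "tags": sorted(tags)})
    return sorted(alerts, key=lambda a: a["image"])


# Constructed sample telemetry (not real data): one infected process on WS01 that
# performs the IP lookup and then the FTP exfil, plus two benign processes.
SAMPLE_LOG = r"""
ts=2024-11-09T10:01:02Z host=WS01 image=C:\Users\a\AppData\Roaming\svchost.exe pid=4412 proto=http dst_host=checkip.dyndns.org dst_port=80
ts=2024-11-09T10:01:05Z host=WS01 image=C:\Users\a\AppData\Roaming\svchost.exe pid=4412 proto=ftp dst_host=kashmirestore.com dst_port=21
ts=2024-11-09T10:02:00Z host=WS01 image="C:\Program Files\Mozilla Firefox\firefox.exe" pid=1200 proto=https dst_host=www.mozilla.org dst_port=443
ts=2024-11-09T10:03:00Z host=WS02 image=C:\Windows\System32\ftp.exe pid=3300 proto=ftp dst_host=files.example.com dst_port=21
""".strip().splitlines()


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Matching on the hostname from the extracted config is deliberate: the report gives a hostname, not an IP, and a C2 domain is the more stable indicator. If your telemetry only records destination IPs, resolve the hostname at ingest time and compare against that instead, and treat any plaintext FTP from a user-profile-resident binary as worth a look even when the host does not match.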

MITRE ATT&CK Enterprise v15

Tasks