General
-
Target
CERTIFICADO TITULARIDAD.exe
-
Size
573KB
-
Sample
241111-gqey2avcmh
-
MD5
597971be325bbba1df725a7c101a4c58
-
SHA1
90e6b7d6c632cc6fb0d5641ec9b987d5e3387397
-
SHA256
535d29bedc8c720ed7daaeb5e8d79c650b21664d72bad77106eb518975be223b
-
SHA512
ca6f8eab690ab14fcabb7571deba25edeac92bc0167df73607effeec9f1eb680034969b1feda6d62a6002bbea100a4876800bef1d5058033bc7642fc664cf7bb
-
SSDEEP
12288:bXjIKeMQ2PATRg+s/iJplEElhvfTsjzMw1LwKpmkz:bXjIKRQFRC/yTEELD81cCtz
Static task
static1
Behavioral task
behavioral1
Sample
CERTIFICADO TITULARIDAD.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
CERTIFICADO TITULARIDAD.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot8148338634:AAFvLNrhxaF7bMPzQMLbUnueRMJvDIi5kcU/sendMessage?chat_id=7698865320
Targets
-
-
Target
CERTIFICADO TITULARIDAD.exe
-
Size
573KB
-
MD5
597971be325bbba1df725a7c101a4c58
-
SHA1
90e6b7d6c632cc6fb0d5641ec9b987d5e3387397
-
SHA256
535d29bedc8c720ed7daaeb5e8d79c650b21664d72bad77106eb518975be223b
-
SHA512
ca6f8eab690ab14fcabb7571deba25edeac92bc0167df73607effeec9f1eb680034969b1feda6d62a6002bbea100a4876800bef1d5058033bc7642fc664cf7bb
-
SSDEEP
12288:bXjIKeMQ2PATRg+s/iJplEElhvfTsjzMw1LwKpmkz:bXjIKRQFRC/yTEELD81cCtz
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
4add245d4ba34b04f213409bfe504c07
-
SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
-
SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
-
SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
-
SSDEEP
192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2