General

  • Target

    9dc51e446f7495d43e5e43bd0978d95f.exe

  • Size

    1.0MB

  • Sample

    241124-hx8elavqgq

  • MD5

    9dc51e446f7495d43e5e43bd0978d95f

  • SHA1

    e9a49c81e2625cfd2d30e0b46319f5f94261e44f

  • SHA256

    231120dc7d6be432e194d9d8284cded3c5ea9da003f644138ff415d446516e06

  • SHA512

    1205b895c92c895966e60d7389a31fcfd3ddbeaf687efc0e183f21c13c2874cf628e32e6174e0e3751f9452f7a489bb14f70b9f198f1d48633f804eca66398f7

  • SSDEEP

    12288:ptb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgaeTBT9zK+UHK6A:ptb20pkaCqT5TBWgNQ7aGBT9SK6A

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.ferreiragascuritiba.com.br
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Gavur#123!!

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      9dc51e446f7495d43e5e43bd0978d95f.exe

    • Size

      1.0MB

    • MD5

      9dc51e446f7495d43e5e43bd0978d95f

    • SHA1

      e9a49c81e2625cfd2d30e0b46319f5f94261e44f

    • SHA256

      231120dc7d6be432e194d9d8284cded3c5ea9da003f644138ff415d446516e06

    • SHA512

      1205b895c92c895966e60d7389a31fcfd3ddbeaf687efc0e183f21c13c2874cf628e32e6174e0e3751f9452f7a489bb14f70b9f198f1d48633f804eca66398f7

    • SSDEEP

      12288:ptb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgaeTBT9zK+UHK6A:ptb20pkaCqT5TBWgNQ7aGBT9SK6A

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks