General
-
Target
1b8ffbc3d3aeca2e6b2cce02d2589a6fb12a2dcb6028f48f56243460bda232a6.rar
-
Size
412KB
-
Sample
241127-cm2amsyjfj
-
MD5
a3609d6a5a43b20de980bf2cefa1ff79
-
SHA1
8674647cd7682055c862f72157b163ca4fa30762
-
SHA256
1b8ffbc3d3aeca2e6b2cce02d2589a6fb12a2dcb6028f48f56243460bda232a6
-
SHA512
818189d386ad19381f68866d1d3d8dd3dd4728dd5debb30fd69592a14ce4d1aa9cd0d3f02fe9434a2e14d816a9330364c7a7c923eda28181b7527a08ce815807
-
SSDEEP
12288:q6I4M+o66XartkvR/bFMkt6RTwN73kFTBNuMp3:qNXKhkvlbO3TwV34KMp3
Static task
static1
Behavioral task
behavioral1
Sample
244625296-045056-sanlccjavap0003-9265.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
244625296-045056-sanlccjavap0003-9265.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240729-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot6478451606:AAFbKLDgEUUeIzZ7hQq9aJhHVTZpkPUZ2-Y/sendMessage?chat_id=6755467222
Targets
-
-
Target
244625296-045056-sanlccjavap0003-9265.exe
-
Size
431KB
-
MD5
d69326f0086f5a1915e317d460851185
-
SHA1
da4889b4a866fccf18cc4d580995d4e491459207
-
SHA256
ce7202372e7e915e6cf9fb52e1ffe3083602f3a9b761f1d4b9e6045eabe065c1
-
SHA512
f559b5584bccd64ee5784b3016b113f99f588be71ac19fc4adac850b993240d7596c91d3e85bc50a5290dd76ac3db3df7911d608f3c678ac4188db9c9b4757a5
-
SSDEEP
12288:bchSe04fsdrsdA6zKY/h1kMPJIN5yUBowyx9fag6vB:bqSe04s+61Y/LkMRSwgoxyrvB
-
Guloader family
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
17ed1c86bd67e78ade4712be48a7d2bd
-
SHA1
1cc9fe86d6d6030b4dae45ecddce5907991c01a0
-
SHA256
bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb
-
SHA512
0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5
-
SSDEEP
192:eY24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol+Sl:E8QIl975eXqlWBrz7YLOl+
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2