General
-
Target
0eff2e486b1c46cbf55bc4284355f1ee.bin
-
Size
820KB
-
Sample
241130-bc51eazkdq
-
MD5
3b63bd7a02bb90069ec98e1bf9b86ef0
-
SHA1
88d36a997bec1eedb2cb71695a172b76a00c3f7f
-
SHA256
3a76da48b0725ae553e34eb732850177df0b1c17fc2d7666ef6c08ae5521e3e6
-
SHA512
73b3a213977ecf2bb0c8f246b80928581e42f0b6dfebe26eec881b636770b4b121aae00c517ebb6cd6c24ada1a62384b5c54b9127d5948eac639443fb843beca
-
SSDEEP
24576:yA6TJAJo8w9yx8sItO9qOLXaNVibwuXuON9x:JqAJ3+n7+AibweBj
Static task
static1
Behavioral task
behavioral1
Sample
b7bbe88d2daceef7fdbd706adbdf6532976f23916701739ee0987f77f36b980a.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
b7bbe88d2daceef7fdbd706adbdf6532976f23916701739ee0987f77f36b980a.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
jhxkgroup.online - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@ - Email To:
[email protected]
Targets
-
-
Target
b7bbe88d2daceef7fdbd706adbdf6532976f23916701739ee0987f77f36b980a.exe
-
Size
885KB
-
MD5
0eff2e486b1c46cbf55bc4284355f1ee
-
SHA1
f9a921a9ef66c0c1c0fcd6fe02aafc8461f05691
-
SHA256
b7bbe88d2daceef7fdbd706adbdf6532976f23916701739ee0987f77f36b980a
-
SHA512
b52122ca5444d606775d7426b7e19bd3090a89c486585c88b33b9fd57a7d87f0e591b7395b538646d93f2d9463d21f281ea5a4a57afb8c12a66d067dc0e3b20b
-
SSDEEP
24576:t2xjaLCnYnbUX2bWOTk7k86ht45oS93GyIrKa:ADnYi6WMlxtxS93GNrK
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2