General
-
Target
4b38ed91279087b64a22c3295dca641c.bin
-
Size
821KB
-
Sample
241130-bll9navqd1
-
MD5
d685f97b5d753d747ec6cf887946e18c
-
SHA1
34cbd9093f094b21839d0142e1f7567318942b1f
-
SHA256
28f1dbc23e2a990bc78165e7557b6702d1636fddde3c39e086b886057061ac37
-
SHA512
58456d3f8e9517955ac9d10c7f6ae4d86630f800dc4910b5bd6c54067120a48afd9402d4ff98b5bcfc3c7e75c05783b5bb98c71e50971e2ab5ab5f87eb040a9d
-
SSDEEP
12288:0hJkX7M8Y6RSKTzvqXJu/HMLkZPlUMaKZt02E6bCYEq4qflH5IVWjqynHZ:7XLPHFkLkx9Zt0H6bCYPtHGWGyn5
Static task
static1
Behavioral task
behavioral1
Sample
INQUIRY_pdf.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
INQUIRY_pdf.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
jhxkgroup.online - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@ - Email To:
[email protected]
Targets
-
-
Target
INQUIRY_pdf.exe
-
Size
885KB
-
MD5
0eff2e486b1c46cbf55bc4284355f1ee
-
SHA1
f9a921a9ef66c0c1c0fcd6fe02aafc8461f05691
-
SHA256
b7bbe88d2daceef7fdbd706adbdf6532976f23916701739ee0987f77f36b980a
-
SHA512
b52122ca5444d606775d7426b7e19bd3090a89c486585c88b33b9fd57a7d87f0e591b7395b538646d93f2d9463d21f281ea5a4a57afb8c12a66d067dc0e3b20b
-
SSDEEP
24576:t2xjaLCnYnbUX2bWOTk7k86ht45oS93GyIrKa:ADnYi6WMlxtxS93GNrK
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2