General

  • Target

    3fb2216af508fb7f6d8e248f586a2b637865ac885bb4da8b736f343dd719f862

  • Size

    1.2MB

  • Sample

    241130-nlzk7sspbt

  • MD5

    6512e4d388177410e48046e3c357e3ba

  • SHA1

    bb948656b8965a0d0648e8a21d468385b9d8daee

  • SHA256

    3fb2216af508fb7f6d8e248f586a2b637865ac885bb4da8b736f343dd719f862

  • SHA512

    207a58ef5b1d083f6a622d84aeec7aada62b11f5e7f6ac0b43cf847204d28f3cd5c53cfeeeafbeb07de6c960ccddad9b83aca286a2334d37a18f744096ffe2f3

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QLwmOb1lKAoHpr0rvOfsWZsnhh2rmIc5Vmb7i:f3v+7/5QLVAiwvOyh2rsVmb7i

Malware Config

Extracted

Family

vipkeylogger

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.ujexchange.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    UJ@2022

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks