General

  • Target

    dae268f747efbd772be9bccc3cc33a9486cdfaa75a8b3da9f56f119924098479

  • Size

    621KB

  • Sample

    241201-txj8jswkex

  • MD5

    688b9794b446d80f0fcfe088b4d9c1bf

  • SHA1

    0025e904666fb27efa016c14d89ef00e8c62e69a

  • SHA256

    dae268f747efbd772be9bccc3cc33a9486cdfaa75a8b3da9f56f119924098479

  • SHA512

    72dd8c09e911fbdcc6e74699762051f9bb972006588a5b1352decf3892aaa7e714ad02cb3f74b3863fc4ea99982cfae5e42ede7d65d4574e092b02a2124cdd10

  • SSDEEP

    12288:T2n3rRcLwW7QBlWU34NZa0mq3E1nlrlSb1bUAYWPn7Gy8e6uX:T2nbD+Q2U3p+E1lrluF1vS+

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.fastestpay.digital
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    1Qj;XlmD!Lrj

Extracted

Family

vipkeylogger

Targets

    • Target

      rfq_PM environmental.exe

    • Size

      626KB

    • MD5

      76871738c52a0704d8e1c424752ecd60

    • SHA1

      b7c38605b7c9d96a5d9ad7def5e0094a7937021f

    • SHA256

      ea39cad9fa9be734f2c7281620c60209da9d6985dba240945b33ce8073f94fc9

    • SHA512

      9e6936ddb07fa9308ea0b19224f56745c00dff12d332c74e885982f3df070bd9e1c7ae392f2f62b609637ce2330330796e9eaf65c6eacddb5b573e3b49933b22

    • SSDEEP

      12288:AORXHVTaXU/mlQF0FAIxlMZSkNyAJJjB55EQPzMmN:AORlTaXUVaqJhJjB37PzMC

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks