General

  • Target

    NOAH SNAKE CRYPT.exe

  • Size

    1.1MB

  • Sample

    241202-tvyyxs1rfy

  • MD5

    b3d2a69e99c66568eef876049cdedb8d

  • SHA1

    1b7e1f804a40224c752ccf9e3ebfe6f179bada0b

  • SHA256

    9a3acf740959669ba7e2d778d78a3c8ad00236eaab8be03d6fa0ec21344b07af

  • SHA512

    0efa5a8bdb6331254dad87233356e407778b7e9fc90172e58293e60a8b01959f62240d2012c2a5e55904128f8d0ef3997b014659a9307a9a84d521422afe65f3

  • SSDEEP

    24576:8u6J33O0c+JY5UZ+XC0kGso6Fad2uRyrWtwWNqTDbqJ2ZWY:mu0c++OCvkGs9Fad2uRyrWtDWGFY

Malware Config

Extracted

Family

vipkeylogger

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.starofseasmarine.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Dontforget2015

Targets

    • Target

      NOAH SNAKE CRYPT.exe

    • Size

      1.1MB

    • MD5

      b3d2a69e99c66568eef876049cdedb8d

    • SHA1

      1b7e1f804a40224c752ccf9e3ebfe6f179bada0b

    • SHA256

      9a3acf740959669ba7e2d778d78a3c8ad00236eaab8be03d6fa0ec21344b07af

    • SHA512

      0efa5a8bdb6331254dad87233356e407778b7e9fc90172e58293e60a8b01959f62240d2012c2a5e55904128f8d0ef3997b014659a9307a9a84d521422afe65f3

    • SSDEEP

      24576:8u6J33O0c+JY5UZ+XC0kGso6Fad2uRyrWtwWNqTDbqJ2ZWY:mu0c++OCvkGs9Fad2uRyrWtDWGFY

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks