General

  • Target

    64c5bc313008e6e595ab1eb59ec4b5fbdaa38e91d9f89def4fc1e66da64b2545.exe

  • Size

    626KB

  • Sample

    241205-x2wnxsvjgj

  • MD5

    406c82d85bd25857140116b91f8c3b3d

  • SHA1

    5e62807cc5f68c061d1be770df181d1e23075dfd

  • SHA256

    64c5bc313008e6e595ab1eb59ec4b5fbdaa38e91d9f89def4fc1e66da64b2545

  • SHA512

    c969d9ffb277f8e51fcc531f9cce8b974f26ce1525145312a248e9f34d4752ee924b181977468ae1d175b1067ddd68f6be45a5e1fda2f374a619ca4006bfc220

  • SSDEEP

    12288:AORXHVTaXU/mlQF0FAIxlMZSkNyAJJjB55EQPzMm1:AORlTaXUVaqJhJjB37PzMS

Malware Config

Extracted

Family

vipkeylogger

Extracted

Credentials

  • Protocol: ftp
  • Host: ftp.fastestpay.digital
  • Port: 21
  • Username: [email protected]
  • Password: 1Qj;XlmD!Lrj

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks