General

  • Target

    z6Ordende97001_pfd.exe

  • Size

    592KB

  • Sample

    241205-ztvg1ayjgk

  • MD5

    4550742cb926aba24680aade09e087a9

  • SHA1

    40964277d25bac2f8f21d5abe4a22c9bd18fd6b8

  • SHA256

    adcff46a96c196f652df836870b30477de986a6c8b744c51e5617f96b069a882

  • SHA512

    8a4bdb04b27da05ef13ac72869f91a3de8aa55ba31959de8951c5789ed66f2efbe15bb2f2f3a4744e688c9375c8212d375f8b54ecd8639a5ace6b64f9b2bb1a7

  • SSDEEP

    12288:wlvLevPRvZgjtlf9hnpeQ72KRRk0FPRke5tl4gVttvfqPU4gM7+jof:wlTexWlh0Qa2pIe5pfqsfEf

Malware Config

Extracted

Credentials

  • Protocol: smtp
  • Host: mail.besemglda.com
  • Port: 587
  • Username: [email protected]
  • Password: Lovelove@123

Extracted

Family

vipkeylogger

Targets

    • Target

      z6Ordende97001_pfd.exe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, and infostealers often target it there.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks