General
- Target: 48db01d4c24db50c1509fe5313929cda3adccf48b3436ef003bf65fc46a56e30N.exe
- Size: 1.0MB
- Sample: 241207-f5lvfsyjcv
- MD5: a4272146962443a5d3795d2443268660
- SHA1: c4b0dea3202c5e7fcb6d97a099b71be43c141066
- SHA256: 48db01d4c24db50c1509fe5313929cda3adccf48b3436ef003bf65fc46a56e30
- SHA512: f136c4e2d8d1b77ddc8cbe768c1a7d268bd9a415720b873c98aff2f3c7be441880dafc6b8897b9804891e055ccf1f2b522d762641a97f3811241f8d4d5caf0de
- SSDEEP: 24576:Ij+E5UmQgGxoeTKDCAJvxADGSifhNwmNG3Ap137dboaPjyMi76Kbi:Y+HmWxKDCA9fQt3IRM+i76t
Static task
- static1
Behavioral task
- behavioral1
  Sample: 48db01d4c24db50c1509fe5313929cda3adccf48b3436ef003bf65fc46a56e30N.exe
  Resource: win7-20240729-en
Behavioral task
- behavioral2
  Sample: 48db01d4c24db50c1509fe5313929cda3adccf48b3436ef003bf65fc46a56e30N.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
- Protocol: smtp
- Host: smtp.ionos.es
- Port: 587
- Username: [email protected]
- Password: JA-*2020antonio
- Email To: [email protected]
Targets
- Target: 48db01d4c24db50c1509fe5313929cda3adccf48b3436ef003bf65fc46a56e30N.exe
- Size: 1.0MB
- MD5: a4272146962443a5d3795d2443268660
- SHA1: c4b0dea3202c5e7fcb6d97a099b71be43c141066
- SHA256: 48db01d4c24db50c1509fe5313929cda3adccf48b3436ef003bf65fc46a56e30
- SHA512: f136c4e2d8d1b77ddc8cbe768c1a7d268bd9a415720b873c98aff2f3c7be441880dafc6b8897b9804891e055ccf1f2b522d762641a97f3811241f8d4d5caf0de
- SSDEEP: 24576:Ij+E5UmQgGxoeTKDCAJvxADGSifhNwmNG3Ap137dboaPjyMi76Kbi:Y+HmWxKDCA9fQt3IRM+i76t
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.
- Vipkeylogger family
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores: 1
  - Credentials from Web Browsers: 1
- Unsecured Credentials: 2
  - Credentials In Files: 2