General

  • Target

    d99e9e3d982f4b8edbf8c316a6f830009944ad89c1d144d478c2849c091f5b6a

  • Size

    642KB

  • Sample

    241210-ehrazstjbv

  • MD5

    42fa4827bf6b86ac252d85bb99b96241

  • SHA1

    4490e9b304626c4ef0c703c3946886b038a3ffa8

  • SHA256

    d99e9e3d982f4b8edbf8c316a6f830009944ad89c1d144d478c2849c091f5b6a

  • SHA512

    c7acce95c0fcf1643b356dcc5a628dfb6d8f5a44b85e0768ea17eba77492ff582381d64c5d6237e1f3dc5224ac221329c6ac27dff351678d2d3f48a6da4b3254

  • SSDEEP

    12288:JMTX39R7n4Kdj6jVWtS7Gaiq0sk7C2/QAqTkOrGabyppUMBgS:JMT9R7ROjAADiqRhJAq9TbyphOS

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.starofseasmarine.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Dontforget2015

Extracted

Family

vipkeylogger

Targets

    • Target

      noah s crypt.exe

    • Size

      1.1MB

    • MD5

      1a74dbd880003ff0dfcc93dd83631743

    • SHA1

      c9bc0027273ad74ff97d1d7b8a0668e5e750a604

    • SHA256

      63f122de6bc1f877eccfddb4a3a34b93177203cdd3b906e02f6045d71917dd34

    • SHA512

      ed2c727b17db2d77e8ef79263b838bdb777bc71c0a2588e8b818c0f34d550c9b8b73b969b9f5a8ccb6abee5cd0bfd5699ebe108609ae646093f01bea643f123b

    • SSDEEP

      24576:Pu6J33O0c+JY5UZ+XC0kGso6FahQoisynLIJ9HWY:5u0c++OCvkGs9FahQoTcEoY

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks