General

  • Target

    SALARY_RECEIPT.exe

  • Size

    978KB

  • Sample

    241210-kd5wga1kcs

  • MD5

    b5a3ea0071679f5c97430d9c975b519f

  • SHA1

    a907a0a8662358e2949049cdb3985c25f6fdc101

  • SHA256

    40e6296abf94cb3ee0a7897c71105ac1316ab063dc5deb4a8e433743668294cd

  • SHA512

    e00d817416242936e0b755af94697e0f9b7136dc97773cf4da77d3ccbb7a26c63df84890aedd545d84017082479d33cf098c293ad43436f1c3f3ca8c2190b2bf

  • SSDEEP

    24576:4u6J33O0c+JY5UZ+XC0kGso6FaAR/DgsWY:yu0c++OCvkGs9FaARaY

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.hostinger.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    eQ&vwpXMsK38

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      SALARY_RECEIPT.exe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
