General

  • Target

    d16a272916c70064157e0cef6770ff47ed874369e4db36ae0a569dd85357efca.exe

  • Size

    808KB

  • Sample

    241215-ely51atlaw

  • MD5

    8626a0c350243b5390abf5dee2a40641

  • SHA1

    8337486fbbece35e03456500b23c5044466419c7

  • SHA256

    d16a272916c70064157e0cef6770ff47ed874369e4db36ae0a569dd85357efca

  • SHA512

    5b91943db6e0b79fb6f776e4eb1337a54295688c09168ead60eae238b2be51cdb64ce3518643624d569163e4fee8a8e9cd374e0eddd59e13c13f523eafec793d

  • SSDEEP

    12288:jIC25usx+XtVUW1r4s7yy8FqY4uszmSpx0DzibplrdV26XyGnP/Ge/A:gx82VPFqY4usn0DzIVNXygPea

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    kashmirestore.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    c%P+6,(]YFvP

Extracted

Family

vipkeylogger

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Vipkeylogger family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15