General

  • Target

    18122024_2338_17122024_Nuevo pedido de cotizacin 7383783 738238.pdf.lha

  • Size

    554KB

  • Sample

    241218-3mxkkaxjfs

  • MD5

    9222681b5ae2c006bf3f579b1be1928c

  • SHA1

    9f1586135f43534b1d97c01d9269b248b7e5def1

  • SHA256

    e4180bdb2d86aa484d6bd4349e065a9cf796df4713b0a7063e124bb99f8f48f9

  • SHA512

    693652835e6d87f0e62d584bf682670a0259f2a3bed14f5c8505ef59f5cfe67bcb8b428622c78abb13410bca681e3a09b502744b7fe4e54af0818b5331495dc7

  • SSDEEP

    12288:1CDymwYdscQlY1qkQOOMEl1Yjl1RBegEvlEvMZUxo1jlKxsA:eoosxanM1YX/5vMZUOKxP

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      Nuevo pedido de cotización 7383783 738238.pdf.exe

    • Size

      1.0MB

    • MD5

      a3d99bcf752d0b63fa8d5515a4765777

    • SHA1

      cea1bb29d2d34f8c46fa6c9c645cc9753d5a918e

    • SHA256

      e71789b9c70a2b9bbe541baf50d4e222be0d1b1cc2b38be925c01d9169158bf5

    • SHA512

      f7e00d50005777373d65b9065bab7cd43ae3160554165e71c2db7bf901c34eb0608cd854e35e3159d48f698470db9a58e828aa6b4c2fa79c41149fc8030cdfe9

    • SSDEEP

      24576:nqDEvCTbMWu7rQYlBQcBiT6rprG8aT7LCjhY:nTvC/MTQYxsWR7aT7mF

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks