General

  • Target

    (PO-090220-02837).exe

  • Size

    1.1MB

  • Sample

    241218-s68f3avnaj

  • MD5

    88ae8bda9d82167c30205b7be959d2b5

  • SHA1

    204d1aa6f9cfb662babba813bbbe54371c11d6b3

  • SHA256

    2e6f9a5fcfce60e9a28545dd9171993ed51d5e6ddb90643b9d3ea16f64c8a076

  • SHA512

    cf88685cdaa09c6062e761b2d2b06f3636340b1c96d648a968b4655b32fd7716c5f08fa1d5a0d701ec6d001cc5a9eee75817d8a9fcb475ac404c18e6af071320

  • SSDEEP

    24576:xqDEvCTbMWu7rQYlBQcBiT6rprG8aSVXndE2dx4B:xTvC/MTQYxsWR7aSFdE2v

Malware Config

Extracted

Family

vipkeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    mail.wxtp.store
  • Port:
    587
  • Username:
    cures@wxtp.store
  • Password:
    7213575aceACE@@
  • Email To:
    cure@wxtp.store
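As an added example (not part of the sandbox report or the malware family's own code), the following Python turns the extracted SMTP configuration above into network indicators and runs them over a few constructed log lines: a DNS log, a connection log and an SMTP log in a made-up `type src key=value ...` format, with invented IP addresses and unrelated events mixed in. It remembers the DNS answer for the exfil host and only flags a later TCP session to that address on port 587, so a bare submission-port connection (which legitimate mail clients also make) is not a hit on its own; it also matches the sender and recipient mailboxes and the attacker's mail domain. The extracted password is deliberately left out of the indicators.

```python
"""Turn the VIPKeylogger SMTP config extracted above into detection logic.

Added example, not sandbox output. Config values are the ones listed under
'Malware Config'; every log line below is constructed for the demo.
"""
import re
from dataclasses import dataclass

# Extracted configuration from the report. The password is omitted on purpose:
# it is not needed as an indicator and should not be copied into detection content.
VIPK_CONFIG = {
    "protocol": "smtp",
    "host": "mail.wxtp.store",
    "port": 587,
    "username": "cures@wxtp.store",
    "email_to": "cure@wxtp.store",
}

# Constructed sample events (assumption: one event per line, "<type> <src> k=v ...";
# the 203.0.113.x / 198.51.100.x addresses are documentation ranges, not real hosts).
SAMPLE_LOGS = """\
dns 10.0.0.7 query=mail.wxtp.store type=A answer=203.0.113.9
conn 10.0.0.7:49712 -> 203.0.113.9:587 proto=tcp service=smtp
smtp 10.0.0.7 mailfrom=cures@wxtp.store rcptto=cure@wxtp.store auth=login
dns 10.0.0.8 query=www.example.com type=A answer=198.51.100.4
conn 10.0.0.8:49713 -> 198.51.100.4:443 proto=tcp service=ssl
smtp 10.0.0.9 mailfrom=alice@example.com rcptto=bob@example.com auth=login
"""


@dataclass(frozen=True)
class Hit:
    line_no: int
    indicator: str
    reason: str


def indicators(cfg):
    """Derive matchable, lower-cased indicators from an extracted config."""
    domain = cfg["username"].split("@", 1)[1].lower()
    return {
        "host": cfg["host"].lower(),
        "port": str(cfg["port"]),
        "sender": cfg["username"].lower(),
        "recipient": cfg["email_to"].lower(),
        "domain": domain,  # whole attacker mail domain, not just the two mailboxes
    }


def scan(log_text, cfg):
    """Return Hits for events that match the exfil config.

    DNS answers for the exfil host are remembered so that a later TCP session
    to that address on the configured port is flagged; a bare port-587 session
    is not, because legitimate mail clients use the submission port too.
    """
    ind = indicators(cfg)
    resolved = set()  # IPs the exfil host resolved to, learned from DNS events
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        kind, _, rest = line.lower().partition(" ")
        fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        if kind == "dns":
            q = fields.get("query", "")
            if q == ind["host"] or q == ind["domain"] or q.endswith("." + ind["domain"]):
                hits.append(Hit(n, q, "DNS lookup of exfil mail host"))
                if "answer" in fields:
                    resolved.add(fields["answer"])
        elif kind == "conn":
            m = re.search(r"-> (\S+):(\d+)", rest)
            if m and m.group(1) in resolved and m.group(2) == ind["port"]:
                hits.append(Hit(n, f"{m.group(1)}:{m.group(2)}",
                                "SMTP session to resolved exfil host"))
        elif kind == "smtp":
            sender = fields.get("mailfrom", "")
            rcpt = fields.get("rcptto", "")
            if sender == ind["sender"] or rcpt == ind["recipient"]:
                hits.append(Hit(n, f"{sender} -> {rcpt}", "mailbox from extracted config"))
            elif sender.endswith("@" + ind["domain"]) or rcpt.endswith("@" + ind["domain"]):
                hits.append(Hit(n, f"{sender} -> {rcpt}", "mailbox in attacker mail domain"))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS, VIPK_CONFIG):
        print(f"line {hit.line_no}: {hit.reason} ({hit.indicator})")
```

Run against the constructed stream, the first three lines (lookup, session, message) are flagged and the unrelated traffic is not. The DNS-to-connection correlation assumes the resolver log is seen before the connection log, which holds for a single sorted stream but not for logs ingested out of order; in a SIEM the same join is normally done by timestamp window rather than by scan order.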

Targets

    • Target

      (PO-090220-02837).exe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it closely resembles SnakeKeylogger, which was first observed in 2020.

    • Vipkeylogger family

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      An AutoIt script compiled into a PE executable; the compiled script is the loader here, not the C# payload itself.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
