General

  • Target

    23122024_0134_PAYMENT RECEIPT_pdf.cmd.zip

  • Size

    312KB

  • Sample

    241223-bzbebatkhz

  • MD5

    72608777a8fa21003c23437af1c7983b

  • SHA1

    51634e2a12f7106672d6e7fc11417623494cb679

  • SHA256

    79492cddbfcf0464ed14297447454ccb548db37ecd084477b7a76fa5a7a7ec35

  • SHA512

    a947a7ceacefd5f191de9157c809bcf8e0ab323ff56d4f30f80433aed749ef65511beb098aa7f00245924bde7f466877f99c4ce8dfc1bb8b5cd8a4d26c79b031

  • SSDEEP

    6144:BjGFtBQ/e8WzR114pc6kIh9HdoRNRu4gPo6Pvm:BIBQ/zWzR1+zkI3HdoRDu4gPo6Pu

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      PAYMENT RECEIPT_pdf.cmd

    • Size

      472KB

    • MD5

      6777212486b6ff2da8284ca567e8787b

    • SHA1

      7cf028ad1ccd53c81e9b1596f240115d886ab410

    • SHA256

      c8a51f63236d6bd55b39a715498e6bf36f9095ebcb9d882eb7837853162244e8

    • SHA512

      8dd911a32596ff329e92f99681bf098f73decd0c0e536391f6d027481eac4695bfbdb6d45aa73dcb204f83bc2f9ec2a13d1ae8a878d510e525188db4738142e9

    • SSDEEP

      12288:uVniZ8bCOWuvgsIhHdPKgxi5+FhPWs8jyFe2:uBiUcsunhPlFe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks