General

  • Target

    0e5a94ce2ca28a97193426a16cae17cb282f5484aab944b2a90060e2d84fb0d8N.exe

  • Size

    947KB

  • Sample

    250112-zj32ds1lhm

  • MD5

    a3b930d818008118d4a1c0a055ca5210

  • SHA1

    631640062da01787484d2677c15b89948997def8

  • SHA256

    0e5a94ce2ca28a97193426a16cae17cb282f5484aab944b2a90060e2d84fb0d8

  • SHA512

    45562b51dac125aba163604c191076cbc9b849294b6d0f81b9017a3d646c913d9e861a9429a2298f611766c0a260642b7459789fb104f3bd3613bd8ea42375ff

  • SSDEEP

    24576:eMaSSKy2/SPNtqqR4tWOb780ySppfysKP:eRQGObXySppfyR

Malware Config

Extracted

Family

vipkeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    mail.aruzen.co.in
  • Port:
    587
  • Username:
    logistics@aruzen.co.in
  • Password:
    Pawsad-xovwut-2zoxso
  • Email To:
    stefano.clemente-memoryworld@wstceh.com

Targets

    • Target

      0e5a94ce2ca28a97193426a16cae17cb282f5484aab944b2a90060e2d84fb0d8N.exe

    • Size

      947KB

    • MD5

      a3b930d818008118d4a1c0a055ca5210

    • SHA1

      631640062da01787484d2677c15b89948997def8

    • SHA256

      0e5a94ce2ca28a97193426a16cae17cb282f5484aab944b2a90060e2d84fb0d8

    • SHA512

      45562b51dac125aba163604c191076cbc9b849294b6d0f81b9017a3d646c913d9e861a9429a2298f611766c0a260642b7459789fb104f3bd3613bd8ea42375ff

    • SSDEEP

      24576:eMaSSKy2/SPNtqqR4tWOb780ySppfysKP:eRQGObXySppfyR

    • VIPKeylogger

VIPKeylogger is a keylogger and infostealer written in C#. It closely resembles SnakeKeylogger, which was first seen in 2020, and like it exfiltrates harvested data over SMTP using credentials embedded in the binary (see the extracted config above).

    • Vipkeylogger family

    • Reads user/profile data of local email clients

Email clients store account settings and saved credentials on disk, where infostealers commonly harvest them.

    • Reads user/profile data of web browsers

Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

• Suspicious use of SetThreadContext

      Rewriting another thread's register context is characteristic of process hollowing and similar code-injection techniques, where a payload is written into a suspended process and its entry point redirected.

MITRE ATT&CK Enterprise v15

Tasks
