General

  • Target

    ef2d231b511ad42c057a1bb3c69d27039063a817f5f14ec9b1298d315e61ec5b.exe

  • Size

    766KB

  • Sample

    250113-wtly3sskd1

  • MD5

    5a044ff1f79ecc26744e4e62056ae194

  • SHA1

    c4e347e7ceaeb3dd07f868cfa3d42845ba461616

  • SHA256

    ef2d231b511ad42c057a1bb3c69d27039063a817f5f14ec9b1298d315e61ec5b

  • SHA512

    f743df3661402f9a9f20ddbdb7ed094d44f7402703a9051cfac296245f1f6fde2cd4356a352fadb524bfbca068f43c2ac9890b713ed252365e21705984f2ebae

  • SSDEEP

    12288:zTsQB8/720mXkfz0z6YTaXb//HU7e9HLQl2SlPRIiusk4qQuTHLANvILxCrHt37d:zTsQB8S0ck70haXb30yMDTIumTrsgL0f

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    director@igakuin.com
  • Password:
    wVCMFq@2wVCMFq@2

Extracted

Family

vipkeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    director@igakuin.com
  • Password:
    wVCMFq@2wVCMFq@2
  • Email To:
    director@igakuin.com

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Vipkeylogger family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15
