General

  • Target

    2201202559658_2835,pdf.exe

  • Size

    776KB

  • Sample

    250128-nnvd9szpdp

  • MD5

    63e8201de5c2dd6ae511ef05137cec09

  • SHA1

    b80b8f6220ea23f0ecc549d2c14c621779bf0641

  • SHA256

    b371f30f8a988c595f16418783ce61a2c5ca92cd94e76f9923f0b41b06d10c46

  • SHA512

    aa1f92f89264a4278b904422ae29cca5f1832678879bb37273a906f4d4517d47aceca2922d6e2abaacac5dcda8b51ec9c38bd28f66e98e3a26f0f4e5a848e2a1

  • SSDEEP

    24576:8kUKu306jr2wcjWKLafXP5NqekRCtYhM:89tILaaekRp

Malware Config

Extracted

Family

vipkeylogger

Credentials

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    puragenicindia.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    bobbyj2016@

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.puragenicindia.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Tt83LN,]V)@{

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks