General
-
Target
PURCHASE ORDER DLNG REF. 4520007395.exe
-
Size
1.2MB
-
Sample
250130-jzze5sxmcp
-
MD5
02c65afc817f61d1d182e170a44d4843
-
SHA1
01ae56d0d7be193e9645a18e466038ae186bf944
-
SHA256
98d06e4d2c0ca3e9d257f28269a4a1040c1fa51ddbb6214e8d2b6eed2ab8aadf
-
SHA512
d0d49fe7a5a896e980d9558b0c170756a1e64a8e0ed903961bb1e6da5540a0b3dd21310e5e7360fb31a66b4662d10685a8f5e6dc7116e267f64d0f431047a066
-
SSDEEP
24576:03bKxS8debw/ZG0eaFsGzjeN/9JmLu+dzUdj+F/:03GQZbwi4fY/9Uaoqq/
Static task
static1
Behavioral task
behavioral1
Sample
PURCHASE ORDER DLNG REF. 4520007395.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
PURCHASE ORDER DLNG REF. 4520007395.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20250129-en
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.copinsa.com - Port:
587 - Username:
[email protected] - Password:
fF@P??Jw(Nkz - Email To:
[email protected]
Targets
-
-
Target
PURCHASE ORDER DLNG REF. 4520007395.exe
-
Size
1.2MB
-
MD5
02c65afc817f61d1d182e170a44d4843
-
SHA1
01ae56d0d7be193e9645a18e466038ae186bf944
-
SHA256
98d06e4d2c0ca3e9d257f28269a4a1040c1fa51ddbb6214e8d2b6eed2ab8aadf
-
SHA512
d0d49fe7a5a896e980d9558b0c170756a1e64a8e0ed903961bb1e6da5540a0b3dd21310e5e7360fb31a66b4662d10685a8f5e6dc7116e267f64d0f431047a066
-
SSDEEP
24576:03bKxS8debw/ZG0eaFsGzjeN/9JmLu+dzUdj+F/:03GQZbwi4fY/9Uaoqq/
-
Guloader family
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
564bb0373067e1785cba7e4c24aab4bf
-
SHA1
7c9416a01d821b10b2eef97b80899d24014d6fc1
-
SHA256
7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5
-
SHA512
22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472
-
SSDEEP
192:nenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBDIwL:n8+Qlt70Fj/lQRY/9VjjfL
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2