General

  • Target

    188ad066f916fffbe335dd7cdc013615a5d1112ff84a522cc273b52cc3743181

  • Size

    517KB

  • Sample

    250630-t6jndahn3z

  • MD5

    5c888f331dce77ce9900d485df7c2c6a

  • SHA1

    9735ff70c971c1294a7699993476ce80552f7d10

  • SHA256

    188ad066f916fffbe335dd7cdc013615a5d1112ff84a522cc273b52cc3743181

  • SHA512

    9a8b06d1fd96aa012894d5e4ff27358c424762d4df773f945e0fb7799d1aa0cbf7f60357be79dfc2de705ce403051d22d075ef11fa3407d0c1b4ed1558a75a99

  • SSDEEP

    12288:vQyu/bD80vFGPaorCmX9STqFCPCyjiXv/zQqo:Yx/9FGPDrCmE+FC7insqo

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      facturas 20250701.exe

    • Size

      597KB

    • MD5

      94820ff538dea721ab15d637a45137cb

    • SHA1

      d0d8788c5e9ca6f17b06bf3e6fc1aa75b229c8ad

    • SHA256

      f649cf3b5f32b42246844912a971e410cf796cbc457986b0079be0f9775393d1

    • SHA512

      516934fcda6f623e88e8830bd3731a9351646a7e712bab26fc4b4a182ddf0d1d6f59e519fae4dad3dd3d7425423df5030dfdf4b4bc262f4e68851ea15c05f830

    • SSDEEP

      12288:MUze4UCEVDPX/PDqrvSmpktw7uVUPbIYGEOL8AdBvZ:MeefZgFq+qVAIYGEOHj

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Vipkeylogger family

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      5KB

    • MD5

      376c1b784a3cca9d10ba4ca5d8cb55d2

    • SHA1

      ad12f8ebab5b4b58eb7d5368469e82e2442b089f

    • SHA256

      5bee24fef5c0f643adc7ee02ccb6e80a72a4eb30d9d326023ac03f0ffbc4e624

    • SHA512

      6f02f0d878c228de114dee6b0df85152745b43893a252b2e9c309ba943ea56ab1ee678e42d9b0a89162e2bda627d396c2933c02e1c42d0169ac6e05ff3af4bbb

    • SSDEEP

      48:S46+/pTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mzofjLl:zfuPbOBtWZBV8jAWiAJCdv2CmmL

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      8b3830b9dbf87f84ddd3b26645fed3a0

    • SHA1

      223bef1f19e644a610a0877d01eadc9e28299509

    • SHA256

      f004c568d305cd95edbd704166fcd2849d395b595dff814bcc2012693527ac37

    • SHA512

      d13cfd98db5ca8dc9c15723eee0e7454975078a776bce26247228be4603a0217e166058ebadc68090afe988862b7514cb8cb84de13b3de35737412a6f0a8ac03

    • SSDEEP

      192:ex24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlESlS:h8QIl972eXqlWBFSt273YOlEz

    Score
    3/10
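The two "HideFromDebugger" signatures listed for facturas 20250701.exe above both describe the same anti-analysis trick: marking a thread so that debug events from it are never delivered to an attached debugger, either after creation via NtSetInformationThread with ThreadInformationClass = ThreadHideFromDebugger (0x11) or at creation via NtCreateThreadEx with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER (0x4) set in CreateFlags. The following Python script is an added example, not tria.ge tooling or code from the sample: it scans an API-call trace for those two conditions. The trace line format and the process IDs are constructed for the example; only the two Windows constants are real.

```python
"""Flag debugger-hiding thread tricks in a sandbox API-call trace.

Added example for this report, not tria.ge tooling. The trace format
("pid api(arg=value, ...)") and the trace contents are constructed;
the two constants are the documented Windows values:

  * NtSetInformationThread(ThreadInformationClass=0x11) -> ThreadHideFromDebugger
  * NtCreateThreadEx(CreateFlags & 0x4)                 -> THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER
"""
import re
from dataclasses import dataclass

THREAD_HIDE_FROM_DEBUGGER = 0x11              # THREADINFOCLASS member
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4  # NtCreateThreadEx CreateFlags bit

# Constructed trace for the example; not taken from the report above.
# Lines 1, 2 and 5 should fire; lines 3 and 4 are benign calls to the same APIs.
SAMPLE_TRACE = """\
1840 NtSetInformationThread(ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, Length=0x0)
1840 NtCreateThreadEx(ProcessHandle=0xffffffff, CreateFlags=0x4, StartRoutine=0x4015b0)
1840 NtCreateThreadEx(ProcessHandle=0xffffffff, CreateFlags=0x0, StartRoutine=0x4020a0)
1840 NtSetInformationThread(ThreadHandle=0xfffffffe, ThreadInformationClass=0x2, ThreadInformation=0x12ff20, Length=0x4)
2212 NtSetInformationThread(ThreadHandle=0x1c4, ThreadInformationClass=0x11, ThreadInformation=0x0, Length=0x0)
"""

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)\s*$")


@dataclass(frozen=True)
class Finding:
    pid: int
    api: str
    reason: str


def parse_args(text: str) -> dict:
    """Turn 'a=0x1, b=foo' into {'a': 1, 'b': 'foo'}; numeric values are parsed with base auto-detection."""
    out = {}
    for part in filter(None, (p.strip() for p in text.split(","))):
        key, _, val = part.partition("=")
        try:
            out[key] = int(val, 0)
        except ValueError:
            out[key] = val
    return out


def scan_trace(trace: str) -> list[Finding]:
    """Return one Finding per call that hides a thread from the debugger."""
    findings = []
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not API calls
        pid, api, args = int(m["pid"]), m["api"], parse_args(m["args"])
        if api == "NtSetInformationThread" and args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER:
            findings.append(Finding(pid, api, "ThreadHideFromDebugger (0x11)"))
        elif api == "NtCreateThreadEx" and args.get("CreateFlags", 0) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER:
            findings.append(Finding(pid, api, "THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER (0x4)"))
    return findings


def suspicious_pids(trace: str) -> set[int]:
    """Processes with at least one debugger-hiding call."""
    return {f.pid for f in scan_trace(trace)}


if __name__ == "__main__":
    for f in scan_trace(SAMPLE_TRACE):
        print(f"pid {f.pid}: {f.api} -> {f.reason}")
```

The ThreadInformationClass check is an exact match because 0x11 is an enumerator, whereas the CreateFlags check is a bit test because CreateFlags is a bitmask that can carry other flags (for example CREATE_SUSPENDED, 0x1) at the same time. A thread that has been hidden this way is also the usual reason a debugger appears to "lose" the process: breakpoints in that thread are simply never reported, so a trace-level detection such as this one is the reliable way to notice it.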

MITRE ATT&CK Enterprise v16

Tasks