General

  • Target

    cd9cf87a8caec51defc040a90f55bf9cdab2c59abe1c21d9608d6cd680bfd9c9.exe

  • Size

    1.2MB

  • Sample

    240820-vwq55syakm

  • MD5

    6d555abb7f2915424b92b0b797edbe46

  • SHA1

    92b23c3f0390766e375dc25bd3671e99c2ad2b96

  • SHA256

    cd9cf87a8caec51defc040a90f55bf9cdab2c59abe1c21d9608d6cd680bfd9c9

  • SHA512

    8ef94aaff5f8ceebe78d82fff7fbaa24785ddd31c8baf988c7b97c2697ba1098f4f729e91ee6976b26b2032a978eb808609cb42d2dc76d83c4d210a41d9a3a50

  • SSDEEP

    24576:2qDEvCTbMWu7rQYlBQcBiT6rprG8aJh1pL0xx3Wrways:2TvC/MTQYxsWR7aJpgtWr

Malware Config

Extracted

Family

vipkeylogger

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
