General

  • Target

    cd14430d51d6e17630e51a350f68135f9f50b3b36d98d66946ad8ea6f0e9f0fe.exe

  • Size

    331KB

  • Sample

    240827-v8p4lssejf

  • MD5

    ca3354d49506ec25b6baf29b38044715

  • SHA1

    dd722c615f980c2471a2223e438b3f9cfa850d0e

  • SHA256

    cd14430d51d6e17630e51a350f68135f9f50b3b36d98d66946ad8ea6f0e9f0fe

  • SHA512

    8e5860961a25cea8602576530d422ad8bc385e89799ba1edd011ceff92fb6da82de0049ff652c6ac53dd069815537bc9eb3133a0e565ca441baf8777a709559b

  • SSDEEP

    768:YvQe2VzEjss2yXg1ILcn0sspAgpq80Lyg1uMN0+dzsRU+eE6:aQ7E/pqrLy0uyz+f6

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
