General

  • Target

    2d893d8955618d559fd07a9f01585b157e2efa71ed0bd22c77d318fad6bbf021.exe

  • Size

    703KB

  • Sample

    240828-bw3pdszblh

  • MD5

    368c348876ea257c08cf6b32cdb2f567

  • SHA1

    3336a515822b67e891782ebe907b78ef14dfc7cf

  • SHA256

    2d893d8955618d559fd07a9f01585b157e2efa71ed0bd22c77d318fad6bbf021

  • SHA512

    9da17c7837c27fc84f2b94acaf64b97b6c779a554f999500bc9558f42ededd6ebfebb5b357c0fcb23b6f669cc81410e4933686aeb0ed5968d826076554c65b06

  • SSDEEP

    12288:a7MJHZFQp4CdsJYgASCk0DpDLZwfw+A0T2obdYgVRgTuaFp0zS6w+CAG0snsQ6:aIJHop42gAM0teoVGbd9VRYH6VfAsQ6

Malware Config

Extracted

Family

vipkeylogger

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks