General

  • Target

    44cd4f6ebd5c40c71b72c4c9ae46838d778637eb70db082592bb7ccbeca4f47f.exe

  • Size

    372KB

  • Sample

    240831-bp6sgaxfrr

  • MD5

    6badc2be7c289a2e7d0b017e3355b119

  • SHA1

    a89325b9422957a9a9e539a9caad520ce4b1fc7d

  • SHA256

    44cd4f6ebd5c40c71b72c4c9ae46838d778637eb70db082592bb7ccbeca4f47f

  • SHA512

    8449f332c331da6aea103d97ed67a9c5b84ffaeaad1a104298fce39ec74bef89830e19945ddac8a7c421cd82de1651ba8594d752ceb389c9251c622a5f9217fe

  • SSDEEP

    768:pYbN2A1nG9nyAWkaHRQTwdYF4H4447iiL1a:E2A1n4yAWNHRUmYF4H444la

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
