General

  • Target

    24099762P2024091901KYRQA.exe

  • Size

    1.2MB

  • Sample

    240924-lm7xvsshpg

  • MD5

    aa6fe985cad16a72f80f8ff5d23d35cf

  • SHA1

    afbf1713a312efaa5bae37c5763818a801cfb195

  • SHA256

    941a189bd84102c13255835bb2f4df77d9cb126be4e54faa179b9de469375fbe

  • SHA512

    7fc269ccb157021f8510821ef6c362a7f71cb61fd4080328fd9844f33df9b93c2ddecb5953c5fbad727452aa4db2a668477686c62cb9f9a97fbd517040164f70

  • SSDEEP

    24576:uRmJkcoQricOIQxiZY1iaCuZqjQv3xtliBJo748j+emS+gbw:7JZoQrbTFZY1iaCuZ5Dlino7BT+gE

Malware Config

Extracted

Family

vipkeylogger

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
