General

  • Target

    bfa52b7224ee898d9a5289e772fc2fde1bd9d59e74c2dbc104ec6231fb98abcc

  • Size

    623KB

  • Sample

    240924-mgxels1dkr

  • MD5

    640d647a9d3b300f99eb950d47d8f88c

  • SHA1

    bda0c3af77b17044615dc708716f2873bcf0c508

  • SHA256

    bfa52b7224ee898d9a5289e772fc2fde1bd9d59e74c2dbc104ec6231fb98abcc

  • SHA512

    33d3856967f6578511439cc17de2f0a850bd9a6eac7442015f4c0cadee5ef1b4ee09780e57242ee1805f00feb9b1d71d3d6256a53520b0b66b475db783bb5550

  • SSDEEP

    12288:RWcIxlbIvH9J6qDF+oN8dlINqOUcvVECSWAbsEWvRCWz4TYs6bDKlOKr5Xri:ocIxlEvH9l+nd6lGCHEWJCW06GOKrNe

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      Request for Quotation - NPN 80024835 document.exe

    • Size

      3.3MB

    • MD5

      0f00ba4a887b730b19d98989bccdb1e7

    • SHA1

      15d9a8396eba164894033c81c0c790bbf190169e

    • SHA256

      dc354b9f79ee0ccd712f7169a4fc0a9c6d7d60a3d5667bf9008132068d9beee5

    • SHA512

      041bd2d7f4abf9a62915b49568d70a66dd38565c0eaac88911a0dd977155dd275989b2e4779729e08df89200cd19276dbfbd12e4c2313599674937b4e11d0f5d

    • SSDEEP

      12288:gII7lJ6vv136qD5+oz8dFINSOScvByCSe2VeEWXXCIp45YWebRKVOKBhh:/I7l8vv1P+/dmHUCXEWnCIYe+OKBD

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
