General

  • Target

    hesaphareketi01.exe

  • Size

    1.6MB

  • Sample

    240924-ns52kawhpc

  • MD5

    33f9a52ed3ffb50b8521c8aa32937ffa

  • SHA1

    74352bdb82ea54b118490eb2cde06a7270498e92

  • SHA256

    cca0cb633f134cf902a00fbf802fe7a6cca46f5ce480b992218247b1f489062c

  • SHA512

    13e6766120cefee771625f5a96a7539cd27c9bda27df32ce3069c15c7600ec0a7e609f5214fd92f49e9434144ee2e440e1b3fa5842f6b72856c74faa3a2bead6

  • SSDEEP

    12288:QEOAC89LW3M1M6VwLVgHhLIqVnBJDcU+SQb+wCbDEXQSiftT8LkaoRRhDOM:QEOSBeK1wkhnVnHCSQS3EgSGwLkaoRbZ

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      hesaphareketi01.exe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
