General

  • Target

    Swftsend8964,pdf.exe

  • Size

    1.2MB

  • Sample

    240924-rp5s6ssbqd

  • MD5

    a9277cc2ccfaf7cc487fd2b8059be116

  • SHA1

    7f8f98c3f853c3e29cb95897d15195f6e064ee62

  • SHA256

    9c7b9ceb30c4f703691c6406457b9c9074b98efe49b19115f88977340bb83492

  • SHA512

    8df33fde419fdb0b8793da005cc3bc52ea116a7981bff46203870954ba7a21f653cd259256c9297fcb9803b3c158986790c7c246490e316af40f70426fab8c71

  • SSDEEP

    24576:uRmJkcoQricOIQxiZY1iaC+4MhwIQ0eVEI:7JZoQrbTFZY1iaC+lwIWF

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      Swftsend8964,pdf.exe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks