General

  • Target

    e9ace32d560ccb49b108664effb7ee9115128193441591de57ccdade2e8c7add

  • Size

    1.2MB

  • Sample

    240924-tc5zhsvfrh

  • MD5

    8ea503dc9ccd406e8be7900aa0baf314

  • SHA1

    705329e99306193c5d92c75d27991564c80bc0c3

  • SHA256

    e9ace32d560ccb49b108664effb7ee9115128193441591de57ccdade2e8c7add

  • SHA512

    7b7d9051d6b638813b515b3b6fc34dff2ad7500b7e63842fcf56e3abfe1ec84198ec9208b9e91360ba463e17f73000333e676ab76d1e2ae00dbd3bbecd2d5a89

  • SSDEEP

    24576:47mrlN5UlxU7qwtMc3lKXX1MOeZ3IMB9aQMcVPJiocCNv+2qldfd9:4gNilxU7q4McV2RDM/HRhioH+2cT

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      Bank Details.exe

    • Size

      3.1MB

    • MD5

      a6e4e89f00d68be02f99096e2a4a7354

    • SHA1

      4e3a9c9642b81afb1796456f469351fb9206f6a6

    • SHA256

      8e4c8220da40890346882eb27edbe5072ac81e47c2a78f4bc57dea2c4a7c7c4f

    • SHA512

      ce5de98ba70b480f3f30c425f20ab767e67b0c1c6a0e8fa644edb40bc07d442c7f37f2276e239c763c34571c8980f7985675e6e82a95351c029da80905d85ed3

    • SSDEEP

      12288:lzIuqPC3I1HwB/PhoNYXCMRIOxpbzJucOLCb3c2ZL/QgW0H0dhU:lz93IqBRogimbzJuccCb3c2K9dhU

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks