General

  • Target

    7e83dd646c94472644e2b279e426da77217add114289aeb822bc25f77c47e714

  • Size

    1.2MB

  • Sample

    240925-nn8lwswepe

  • MD5

    69d85eebf31a36c0318a2fa2ffe7167d

  • SHA1

    53b4426e506bdfdb0ae44d4712d8ae2563c7e249

  • SHA256

    7e83dd646c94472644e2b279e426da77217add114289aeb822bc25f77c47e714

  • SHA512

    1acebaba4a887d52b951f07e929cd62fae3ebe6a70d2c78db7496ccd8d597b2490bff3d579db8c316f3405d2eff2089695e8b88816df23e8f1daaa73db8695a9

  • SSDEEP

    24576:uRmJkcoQricOIQxiZY1iaCtOZzhtMtQainv90gTVSPDm3l0ace:7JZoQrbTFZY1iaC0Z1kFSlbTVSPQz

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      7e83dd646c94472644e2b279e426da77217add114289aeb822bc25f77c47e714

    • Size

      1.2MB

    • MD5

      69d85eebf31a36c0318a2fa2ffe7167d

    • SHA1

      53b4426e506bdfdb0ae44d4712d8ae2563c7e249

    • SHA256

      7e83dd646c94472644e2b279e426da77217add114289aeb822bc25f77c47e714

    • SHA512

      1acebaba4a887d52b951f07e929cd62fae3ebe6a70d2c78db7496ccd8d597b2490bff3d579db8c316f3405d2eff2089695e8b88816df23e8f1daaa73db8695a9

    • SSDEEP

      24576:uRmJkcoQricOIQxiZY1iaCtOZzhtMtQainv90gTVSPDm3l0ace:7JZoQrbTFZY1iaC0Z1kFSlbTVSPQz

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks