General

  • Target

    638264250924PDF.exe

  • Size

    1.2MB

  • Sample

    240925-xcap6athqh

  • MD5

    7a2586f54288a95dc01fca7aa8a3bf54

  • SHA1

    ac4cd20889afaccac8794fa54f8beb945c0e3526

  • SHA256

    c576d03129a4176c8efb8a20f88b9183a4b9503670592295a9aae8b64e9c98d8

  • SHA512

    f742cfccdd0816f637e54084e38c6a373d9a87bcbb3007059ea10b067c41848ece12de791719ca2ed8759250bb0dedda2b5639b086083d8d21ee3671cf5b748f

  • SSDEEP

    24576:2RmJkcoQricOIQxiZY1iaG+1yg+hfOTeRs1KizY9Y3TMNag1wI:TJZoQrbTFZY1iaG+1zS4KizYC3z9I

Malware Config

Extracted

Family

vipkeylogger

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
