General

  • Target

    26092024_0015_24092024_ERTESITESI TELEX KIADASI DOKUMENTUM,img.img

  • Size

    1.7MB

  • Sample

    240926-aj1tlayfja

  • MD5

    46141a93183b7a457df8b00f93e072f8

  • SHA1

    2aeba8559ae582bf7c29e38dd867378b1e235e19

  • SHA256

    c51e79ad47c84a5d508658e5b8049be8ef04066bc47d60eb727a72724840a504

  • SHA512

    9047c9a12d69500781fee04737ff98dfb46d9f40960c948d4c2d250ffabf2164c69d6ebb3d5983af3000ef95b2261fe8831132c0faba6b9dc8c64a4a5a607c90

  • SSDEEP

    24576:eRmJkcoQricOIQxiZY1iaCD4BZQ+qVMroOaAuBjsEVOI/T:LJZoQrbTFZY1iaCMBanMkOaAuBXVHL

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      ERTESITESI TELEX KIADASI DOKUMENTUM,img.exe

    • Size

      1.1MB

    • MD5

      48d0b9133f73fa13b7693738bc3bb762

    • SHA1

      2d16f5d3bb170820fd3e05b3dd11b9fe1f084e63

    • SHA256

      4745dacd033d6700d3b78f219c8ad3b3d018519b9b97e099dc75d576e4e62282

    • SHA512

      0fc031be30864f1b671c87ffde953031182974e635819a244b754fed1ce752114c2d98f7343f7dd67a92126e0a4235dbc4db8e7fd47fd3f4fa110637480b5587

    • SSDEEP

      24576:uRmJkcoQricOIQxiZY1iaCD4BZQ+qVMroOaAuBjsEVOI/TW:7JZoQrbTFZY1iaCMBanMkOaAuBXVHLW

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It closely resembles SnakeKeylogger, which was first seen in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext is the API that process hollowing and similar injection techniques use to point a suspended thread at attacker-controlled code, so a call from a non-debugger process is a strong injection signal.
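The two artifacts above are most useful as hash IOCs. Note that their SSDEEP values share the same block size (24576) and differ in only a few characters, which is consistent with the 1.1MB .exe making up most of the 1.7MB .img. The script below is an added example, not part of the sandbox report: it carries the MD5/SHA1/SHA256 values listed above as a lookup table, streams files through the standard hashers, and reports any file on disk whose digest matches one of them. The placeholder file it hashes in the demo is constructed and is not the sample.

```python
"""Hash-based IOC matcher for the two artifacts in this report (added example)."""
import hashlib
import os
import tempfile

ALGOS = ("md5", "sha1", "sha256", "sha512")

# IOC table copied from the report: artifact name -> {algorithm: hex digest}.
IOCS = {
    "26092024_0015_24092024_ERTESITESI TELEX KIADASI DOKUMENTUM,img.img": {
        "md5": "46141a93183b7a457df8b00f93e072f8",
        "sha1": "2aeba8559ae582bf7c29e38dd867378b1e235e19",
        "sha256": "c51e79ad47c84a5d508658e5b8049be8ef04066bc47d60eb727a72724840a504",
    },
    "ERTESITESI TELEX KIADASI DOKUMENTUM,img.exe": {
        "md5": "48d0b9133f73fa13b7693738bc3bb762",
        "sha1": "2d16f5d3bb170820fd3e05b3dd11b9fe1f084e63",
        "sha256": "4745dacd033d6700d3b78f219c8ad3b3d018519b9b97e099dc75d576e4e62282",
    },
}

# Reverse index: lower-case hex digest -> (artifact name, algorithm).
_INDEX = {
    value.lower(): (name, algo)
    for name, hashes in IOCS.items()
    for algo, value in hashes.items()
}


def _new_hashers():
    return {algo: hashlib.new(algo) for algo in ALGOS}


def hash_bytes(data):
    """Return {algorithm: hex digest} for an in-memory byte string."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def hash_file(path, chunk_size=1 << 20):
    """Return {algorithm: hex digest} for a file, streamed so large images fit in memory."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_iocs(digests):
    """Return the set of (artifact, algorithm) pairs whose listed hash equals a computed one.

    Comparison is case-insensitive because tooling disagrees on hex casing.
    """
    return {_INDEX[d] for d in (v.lower() for v in digests.values()) if d in _INDEX}


def scan_directory(root):
    """Walk `root` and return {path: matches} for every file matching an IOC."""
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            matched = match_iocs(hash_file(path))
            if matched:
                hits[path] = matched
    return hits


if __name__ == "__main__":
    # Constructed placeholder; it is not the real sample, so no hit is expected.
    with tempfile.TemporaryDirectory() as tmp:
        placeholder = os.path.join(tmp, "not-the-sample.bin")
        with open(placeholder, "wb") as fh:
            fh.write(b"constructed placeholder, not the report's artifact\n")
        print(hash_file(placeholder)["sha256"])
        print("hits:", scan_directory(tmp))
```

Point `scan_directory` at a quarantine folder or an extracted mail attachment directory; a hit on the .img hash means the delivery container was received, while a hit on the .exe hash means the payload was already unpacked from it.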

MITRE ATT&CK Enterprise v15

Tasks