General

  • Target

    26092024_0016_25092024_638264-250924. PDF.IMG

  • Size

    1.8MB

  • Sample

    240926-akzb6awbqn

  • MD5

    00adf5e3d7f43a48df6bbd03e96b9975

  • SHA1

    23b8daf20ba2218bf60d62d3a94554d4f8d4deda

  • SHA256

    5a1240cedcbfd36aeed14e62aefb0aef0b1fc262cc2c86017d37b3690fe1564c

  • SHA512

    650468b2a62a7a59983f8727d9975bb785ac1ecea0a18ecc073baf1f0842727e4e234c650df0a8f5025a571d23da78b834fec3e351c4933ad304ddaab8db6ed2

  • SSDEEP

    24576:/RmJkcoQricOIQxiZY1iaG+1yg+hfOTeRs1KizY9Y3TMNag1w:UJZoQrbTFZY1iaG+1zS4KizYC3z9

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      638264-250924,PDF.exe

    • Size

      1.2MB

    • MD5

      7a2586f54288a95dc01fca7aa8a3bf54

    • SHA1

      ac4cd20889afaccac8794fa54f8beb945c0e3526

    • SHA256

      c576d03129a4176c8efb8a20f88b9183a4b9503670592295a9aae8b64e9c98d8

    • SHA512

      f742cfccdd0816f637e54084e38c6a373d9a87bcbb3007059ea10b067c41848ece12de791719ca2ed8759250bb0dedda2b5639b086083d8d21ee3671cf5b748f

    • SSDEEP

      24576:2RmJkcoQricOIQxiZY1iaG+1yg+hfOTeRs1KizY9Y3TMNag1wI:TJZoQrbTFZY1iaG+1zS4KizYC3z9I

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
