General

  • Target

    26092024_0022_25092024_Placanje_09242024.jpg.img

  • Size

    1.8MB

  • Sample

    240926-an666sygrf

  • MD5

    b5653a8d6c545707563cacafbf2dfdcc

  • SHA1

    f9f6cba09d2de348dae6899f901d7e5219e37e71

  • SHA256

    64171f2d01482c0a9897285cd229ee172f3efa4638e67fae85bd29b05ff78231

  • SHA512

    23d94bfa6061f5426f521677464202596ed43fee11e2cd1365505b6a151481675720716e077707df8921935b4faef765b1ffcb76681a406cf653b8a8439a5e48

  • SSDEEP

    24576:zRmJkcoQricOIQxiZY1iaCy+d+ZcUd03vg5iofN7ayaMed5SS:AJZoQrbTFZY1iaC2cUd6WN7afMed5S

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      Placanje_09242024,jpg.exe

    • Size

      1.2MB

    • MD5

      f346359c143ffa9016bab7bf102a0d8f

    • SHA1

      febbcb2cdda48b40529755ccfcb580c2f997471f

    • SHA256

      c65f84d8ef98b362fc1126e29c16b2e24ae336b7fbf208294940466dd6c61629

    • SHA512

      50377d22e5c2f6d919f3f7cf6506f90d3e805acb5ff84e99e76463e8f00151aa1f2254cf5e9c00520113023043f8df0b553156185f4a45523237a0f49524d2d6

    • SSDEEP

      24576:uRmJkcoQricOIQxiZY1iaCy+d+ZcUd03vg5iofN7ayaMed5SS6:7JZoQrbTFZY1iaC2cUd6WN7afMed5S7

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks