General

  • Target

    2b0bcf9e108013c5975c56642984a7e5faec8173b87f6671461c98ed3ba75a84.exe

  • Size

    1.2MB

  • Sample

    240926-bqbzgs1hpa

  • MD5

    f5dfde6ad31a771c96b361f25cb13940

  • SHA1

    9331a1f3001723f5019a44c3464bcb82e77af9a2

  • SHA256

    2b0bcf9e108013c5975c56642984a7e5faec8173b87f6671461c98ed3ba75a84

  • SHA512

    e18b3a9bb4b3fa4051ea7545f986a7c15ac74b40ed4e3a0a773a1deca1ba37844cf00a3e67b36b0cf90d618f9634ee4c8644eb2b65459d0f21698d75010f9bb8

  • SSDEEP

    24576:uRmJkcoQricOIQxiZY1iaCHhUCEkrtxt2lajjrZiDPvDJJ/V5Lq970:7JZoQrbTFZY1iaC6krcGrZiDXFJ/j2x0

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
