General

  • Target

    96a414f408bf9ccc9b692b2dc5a4faa115e752edecdd5f2292c3135eee522b93.exe

  • Size

    700KB

  • Sample

    240926-chal5a1bnp

  • MD5

    9d2a73cf8ebd46cc833de56c9940d0b7

  • SHA1

    b5b76de46b9d3175c21dc5963fa5c3e85ca29996

  • SHA256

    96a414f408bf9ccc9b692b2dc5a4faa115e752edecdd5f2292c3135eee522b93

  • SHA512

    c7bf6b079f7d894c9fefe4c17449c76f8b9533f11521b66b4ceb7c1d9f03b2cad3bf727a56ea0b7ec6105d0f4bc91a8dae7f44dab07a193cb458e22dd3b1dc6f

  • SSDEEP

    12288:Gd71xg6zxcZOtyG5t4naxZvbUL0YIevp5sFy446x/pVM876/pBL0Of+E1pDjw:v6ziZGgnax9bUL0Cvok44ALL0fzf1U

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      96a414f408bf9ccc9b692b2dc5a4faa115e752edecdd5f2292c3135eee522b93.exe


    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It closely resembles SnakeKeylogger, which was first observed in 2020.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, and infostealers often target it there.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile contents.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state. Outside a debugger it is most often seen when malware redirects a suspended thread in another process to injected code (process hollowing or a similar injection technique).
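
The behavioural signatures listed above can be reproduced as simple detection rules. The following Python is an added example, not code from the sandbox or from the VIPKeylogger sample: it runs rule logic over a constructed, Sysmon-like event stream and tags each process with the signatures it triggers. The browser and email-client paths, the list of external-IP lookup hostnames, and the event shape are assumptions chosen for the example; the report does not state which hosts or files this sample actually touched.

```python
"""Added example: rule logic reproducing the report's behavioural signatures.
Not the sandbox's own detection code; event shape and indicators are assumed."""
import re
from collections import defaultdict

SIG_BROWSER = "Reads user/profile data of web browsers"
SIG_EMAIL = "Reads user/profile data of local email clients"
SIG_OUTLOOK = "Accesses Microsoft Outlook profiles"
SIG_EXTIP = "Looks up external IP address via web service"
SIG_STC = "Suspicious use of SetThreadContext"

# Credential/cookie stores of common browsers (Chromium family and Firefox).
# Assumed locations for the example; not the sample's verified targets.
BROWSER_RE = re.compile(
    r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware|Opera Software|Mozilla\\Firefox)\\.*"
    r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db|cookies\.sqlite)$", re.I)
# Thunderbird credential stores and Outlook data files (assumed locations).
EMAIL_RE = re.compile(
    r"\\(Thunderbird\\Profiles\\.*\\(logins\.json|key4\.db)|Microsoft\\Outlook\\[^\\]+\.(pst|ost))$",
    re.I)
# Registry hive holding Outlook account profiles.
OUTLOOK_PROFILE_RE = re.compile(r"\\Office\\\d+\.\d+\\Outlook\\Profiles(\\|$)", re.I)
# Public external-IP lookup services (assumed list; not taken from the report).
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com",
                   "ip-api.com", "ipinfo.io", "checkip.amazonaws.com"}

# Constructed events in a simplified, Sysmon-like shape; illustrative only.
SAMPLE_EVENTS = [
    {"pid": 4120, "type": "file_read",
     "path": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "type": "file_read",
     "path": r"C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json"},
    {"pid": 4120, "type": "registry_read",
     "path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"pid": 4120, "type": "file_read",
     "path": r"C:\Users\u\AppData\Roaming\Thunderbird\Profiles\xyz.default\key4.db"},
    {"pid": 4120, "type": "dns_query", "query": "checkip.dyndns.org"},
    {"pid": 4120, "type": "api_call", "api": "SetThreadContext", "target_pid": 5588},
    {"pid": 4120, "type": "file_read", "path": r"C:\Windows\System32\kernel32.dll"},
    # A process touching its own thread context is routine and must not fire.
    {"pid": 7000, "type": "api_call", "api": "SetThreadContext", "target_pid": 7000},
]


def host_is_ip_lookup(host):
    """True if host is (or is a subdomain of) a known external-IP lookup service."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in IP_LOOKUP_HOSTS)


def evaluate(events):
    """Return {pid: {signature, ...}} for every process that triggers a rule."""
    hits = defaultdict(set)
    for ev in events:
        pid, kind = ev["pid"], ev["type"]
        if kind == "file_read":
            if BROWSER_RE.search(ev["path"]):
                hits[pid].add(SIG_BROWSER)
            if EMAIL_RE.search(ev["path"]):
                hits[pid].add(SIG_EMAIL)
        elif kind == "registry_read":
            if OUTLOOK_PROFILE_RE.search(ev["path"]):
                hits[pid].add(SIG_OUTLOOK)
        elif kind == "dns_query":
            if host_is_ip_lookup(ev["query"]):
                hits[pid].add(SIG_EXTIP)
        elif kind == "api_call":
            # Rewriting a thread context in *another* process is the hallmark of
            # injection/hollowing; same-process use is not flagged.
            if ev["api"] == "SetThreadContext" and ev.get("target_pid") != pid:
                hits[pid].add(SIG_STC)
    return dict(hits)


if __name__ == "__main__":
    for pid, sigs in sorted(evaluate(SAMPLE_EVENTS).items()):
        print(pid)
        for s in sorted(sigs):
            print("  -", s)
```

Running it prints pid 4120 with all five signatures and nothing for pid 7000. The same-process exclusion on SetThreadContext is the check that keeps this rule from firing on debuggers and runtimes that legitimately adjust their own threads; the IP-lookup rule matches on hostname rather than a URL so it also catches the lookup when it is made over a DNS-only or TLS channel where the request path is not visible.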

MITRE ATT&CK Enterprise v15

Tasks