General

  • Target

    96134c810750cc56e372551f8070f06aee80ae0cc8eeac983502d6b8f66c77df.exe

  • Size

    272KB

  • Sample

    240928-w8ajlashle

  • MD5

    b046211fe3f420a9ceb7663a560ece96

  • SHA1

    785a1cff39f2a75cbfffed3d718e9e026b3c80a1

  • SHA256

    96134c810750cc56e372551f8070f06aee80ae0cc8eeac983502d6b8f66c77df

  • SHA512

    5a0fc701606682de24dfc1b8408b6d7c13205952128b211b9b7ef11a97871f2590d7c705b4032eab6a5661a1295fe4bc8bb58418b68e999e8fdd315009ca7eb3

  • SSDEEP

    3072:lL6hDp5qqQjolo+XgVfXACCBc9jKnfL83mwnbItgQ2eXPs0lUY/VgMiObbY:gn5wnb+gWxb

Malware Config

Extracted

Family

vipkeylogger

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
