General

  • Target

    4b7224e2ef816708dd67a74f1cb422b0d06da9201555a19dc65f614088cf73c9N

  • Size

    422KB

  • Sample

    240930-bsd7mavcmd

  • MD5

    e3eae1b0be50a137a3cffa184ea452b0

  • SHA1

    d5fa5caaa57bd916c52801ca76f13d71b2d25b77

  • SHA256

    4b7224e2ef816708dd67a74f1cb422b0d06da9201555a19dc65f614088cf73c9

  • SHA512

    50053ee36efd0dab7a107753d042a7c84a43066d39723d7b104b962f797c843decf947ff414b89ff892f9ffda0d9519b7b98d84e3fcf935da0ce8bed339f462f

  • SSDEEP

    12288:FDf0Cm2MGeKbl0rDhO7eWDMp/EqdEkfkxksRM7yuYzup/:1RLeKbGlceiMH8Pey1c/

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      TLS20242025.exe

    • Size

      898KB

    • MD5

      bfabeaf94d00b7c6b4af9aa3463ff5a5

    • SHA1

      0d9341d70a1e7e90c62ebcef43d1fcd2cf1b3506

    • SHA256

      e03a2edda2530392f416b8d64b85a3ae890120e6c6d08317d21ac133576cb45d

    • SHA512

      7058bf27c2fb70b564d2ac56a6be82b894abf911167c5d979049cf73c7ecd512ae392f84341d837747f0ba19428ae83c546c0e3e1727c0faad72f63bf47c6cf1

    • SSDEEP

      12288:nQTfnBGYPexcjnR+iBlVDruhxBdae9yAaeNhmXGj4qSOU:4BGYWxcjRJPruhxBzUAi1zOU

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It closely resembles SnakeKeylogger, a family first observed in 2020.

    • Reads user/profile data of local email clients

      Email clients store account settings and user data on disk, and infostealers commonly read those files to harvest saved credentials.

    • Reads user/profile data of web browsers

      Infostealers often read stored browser data, which can include saved credentials and session cookies.

    • Accesses Microsoft Outlook profiles

      Outlook profile keys in the registry hold account configuration and can hold stored mail credentials, so they are a common target for credential stealers.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Setting the thread context of another process is a common step in process hollowing and similar injection, where the payload is run inside a suspended legitimate process.
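
Before acting on this report, an analyst will usually want to confirm that the file in hand is the one the sandbox analysed. The following script is an added example, not part of the report or of the sandbox's tooling: it hashes a file with the four digest algorithms listed above and compares the result with both artifacts' listed hashes (the submitted sample and the dropped TLS20242025.exe). The hash values are copied from the report; the file paths and the notion of a "partial match" (some digests agree, others do not) are the example's own. SSDEEP is left out because it is not in the Python standard library.

```python
"""Match a file on disk against the hashes listed in this sandbox report.

Added example; not the report's or the sandbox's own code. The hash values
below are copied from the report, everything else is assumed for illustration.
"""
import hashlib
import sys

# IOCs copied from the report: the submitted sample and the dropped executable.
REPORT_IOCS = {
    "4b7224e2ef816708dd67a74f1cb422b0d06da9201555a19dc65f614088cf73c9N": {
        "md5": "e3eae1b0be50a137a3cffa184ea452b0",
        "sha1": "d5fa5caaa57bd916c52801ca76f13d71b2d25b77",
        "sha256": "4b7224e2ef816708dd67a74f1cb422b0d06da9201555a19dc65f614088cf73c9",
        "sha512": "50053ee36efd0dab7a107753d042a7c84a43066d39723d7b104b962f797c843d"
                  "ecf947ff414b89ff892f9ffda0d9519b7b98d84e3fcf935da0ce8bed339f462f",
    },
    "TLS20242025.exe": {
        "md5": "bfabeaf94d00b7c6b4af9aa3463ff5a5",
        "sha1": "0d9341d70a1e7e90c62ebcef43d1fcd2cf1b3506",
        "sha256": "e03a2edda2530392f416b8d64b85a3ae890120e6c6d08317d21ac133576cb45d",
        "sha512": "7058bf27c2fb70b564d2ac56a6be82b894abf911167c5d979049cf73c7ecd512"
                  "ae392f84341d837747f0ba19428ae83c546c0e3e1727c0faad72f63bf47c6cf1",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Return {algorithm: hex digest} for an in-memory byte string."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Return {algorithm: hex digest} for a file, streamed so large samples fit in memory."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_iocs(digests: dict, iocs: dict = REPORT_IOCS) -> tuple:
    """Compare computed digests with every artifact in the report.

    Returns (full, partial): `full` lists artifacts whose four listed hashes all
    agree with `digests`; `partial` lists (artifact, [agreeing algorithms]) where
    only some agree. A partial match means a transcription error in the IOC
    list or a deliberately colliding file, and should never be treated as a hit.
    """
    full, partial = [], []
    for name, listed in iocs.items():
        agree = [alg for alg in ALGORITHMS
                 if listed[alg].lower() == digests[alg].lower()]
        if len(agree) == len(ALGORITHMS):
            full.append(name)
        elif agree:
            partial.append((name, agree))
    return full, partial


def sample_name_matches_sha256(name: str, sha256: str) -> bool:
    """The submitted sample is named after its SHA256 (plus a suffix); check that."""
    return name.lower().startswith(sha256.lower())


if __name__ == "__main__":
    # Usage: python match_iocs.py <file> [<file> ...]
    for path in sys.argv[1:]:
        digests = hash_file(path)
        full, partial = match_iocs(digests)
        print(f"{path}: sha256={digests['sha256']} full={full} partial={partial}")
```

Only a full match across all four algorithms should be taken as confirmation; a partial match is a reason to re-check the IOC list, not evidence that the file is the reported sample.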

MITRE ATT&CK Enterprise v15

Tasks