General

  • Target: 8db24332a5fab95f955dafe3fcac34cf932d9d0afa6b6d3a2406cc09304171b9
  • Size: 1.5MB
  • Sample: 241003-m8jb3a1alf
  • MD5: 4e78f6aefc51d6c727cb3c1e4bf0fb81
  • SHA1: 7fa38adc2c202186ff20386b4e2e5243b202b81b
  • SHA256: 8db24332a5fab95f955dafe3fcac34cf932d9d0afa6b6d3a2406cc09304171b9
  • SHA512: 2a94650ec86f1b96ff39b6c6664c845264795a9277d88c03704d0352af6b0713a92b03ca2dbd02c00891e5993ee8f65e8217259a41e0a181e75e8093840534d8
  • SSDEEP: 24576:b062cSEk8zNlLvC3nrOvC/RTXn036CcS2X9+R3qYpsSMZoCM+GjhHBATdI:A6PayQrlRjc6phQ8SM/GvAe

Malware Config

Extracted

  • Family: vipkeylogger

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15