General
-
Target
295a6bc83e47df3e4ab6349a145c43b464590c91c0a8abb3f9a8cf5df08bab83N
-
Size
547KB
-
Sample
241003-x5j5asseqm
-
MD5
7c9c30680dd2f61cd7f5a93527cd2200
-
SHA1
2f1121e93475e3dba2d25ed10fc8fd1ae3d2e982
-
SHA256
295a6bc83e47df3e4ab6349a145c43b464590c91c0a8abb3f9a8cf5df08bab83
-
SHA512
dd233d82e64c9be1e89d6d6670e0d10e411a82d27205010e98a1a070e01a2a392c1d903749474319bb3a59bc57f0bcf4e829128de5226f51182ef4b962eb819e
-
SSDEEP
6144:UvEN2U+T6i5LirrllHy4HUcMQY6Fn5wnb+gWxb3:GENN+T5xYrllrU7QY6Nb3
Behavioral task
behavioral1
Sample
295a6bc83e47df3e4ab6349a145c43b464590c91c0a8abb3f9a8cf5df08bab83N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
295a6bc83e47df3e4ab6349a145c43b464590c91c0a8abb3f9a8cf5df08bab83N.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
Targets
-
-
Target
295a6bc83e47df3e4ab6349a145c43b464590c91c0a8abb3f9a8cf5df08bab83N
-
Size
547KB
-
MD5
7c9c30680dd2f61cd7f5a93527cd2200
-
SHA1
2f1121e93475e3dba2d25ed10fc8fd1ae3d2e982
-
SHA256
295a6bc83e47df3e4ab6349a145c43b464590c91c0a8abb3f9a8cf5df08bab83
-
SHA512
dd233d82e64c9be1e89d6d6670e0d10e411a82d27205010e98a1a070e01a2a392c1d903749474319bb3a59bc57f0bcf4e829128de5226f51182ef4b962eb819e
-
SSDEEP
6144:UvEN2U+T6i5LirrllHy4HUcMQY6Fn5wnb+gWxb3:GENN+T5xYrllrU7QY6Nb3
-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
4Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2