General

  • Target

    malw.exe

  • Size

    1.2MB

  • Sample

    241004-psf8waycnb

  • MD5

    5d50b68936da569ae7e46a4a6399661f

  • SHA1

    e6c65e55c1b8e00a28d73a9adc87b7c91bab13a2

  • SHA256

    ca1570ad60f3cd90794acb930a674b5cb584e2e59a9a048a2a9e0f3733667cee

  • SHA512

    7b49db1cd0b94434dd9bf7f78cca036324dbd51729df34fb5e01b0e38dafedb5fd5af479d42595d0d800ed33f6125c72b085b0d4e6421a2a65164da2961c36a0

  • SSDEEP

    24576:WfmMv6Ckr7Mny5QEGquoFvgfx2D14XhmpYLaEvR/e6dN:W3v+7/5QEGqEkDKhB1RGeN

Malware Config

Extracted

Family

vipkeylogger

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
