General

  • Target

    21102024_1414_21102024_Számla_Fizetes_10212024,jpeg.img

  • Size

    1.6MB

  • Sample

    241021-rkgwjsyejn

  • MD5

    ae598cf628b266d302b59d5f064f3d23

  • SHA1

    b6af8d22a9be0870d5f57a32a5d7a06685eacb41

  • SHA256

    221ed628ba049ebc5eb009564ae118889b14525c4c6c64889f958632be79c74c

  • SHA512

    7f794f4ecdf0a4fedfeda4a6088b6c6ecec4cceaeb4b323bc30d9db18e8d70c7a563281f51114147938b95e4aebf950a085c14404a8b53e9eae9cf861397c192

  • SSDEEP

    24576:2fmMv6Ckr7Mny5QLkRnPXlu+bBPYFFiQlsBO/iX:23v+7/5QLkRPVu+mFRlV

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      Számla_Fizetes_10212024,jpeg.exe

    • Size

      1.1MB

    • MD5

      930cee39b4b2316726630447f99c3486

    • SHA1

      c488c6bd9da75f012cec38a2dc7b7137d399050e

    • SHA256

      1a7d14179fee9ad118c1f41edafeac18beff491c680a97503531fa802d0ef306

    • SHA512

      7a3fa1e0fc0c24fefc5b49a9cdf0765a03e13958fb15461823c9c99b96afd4ed33516eab23690152a678c5702c429a5f5e2b69174d6f92d256a1af2ec1d93c69

    • SSDEEP

      24576:ffmMv6Ckr7Mny5QLkRnPXlu+bBPYFFiQlsBO/iX3:f3v+7/5QLkRPVu+mFRlVk

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
