General

  • Target

    C0R102410T20883910.eml

  • Size

    2.2MB

  • Sample

    241022-fhqvwsycma

  • MD5

    de2cc1826ccfca33a2c14233143eadab

  • SHA1

    ea4bbaa9fc6acba05aa0a9fc7f64084e9adcc83a

  • SHA256

    fd31fd4c408513f03ec0a24ec323a470d8efdc046e38cd45bc0a7ec88e084a7d

  • SHA512

    045b35fb32ad7bcf1c16bb04ecd306fce5c627f885c8ff59e5ab9d0d400b4477bf7e6047b524049d97635b01d984a81955d915d4872d9417666240b1d69d550d

  • SSDEEP

    24576:EVC1jZixZZsGP+zbIU9ixa80ChBCfYT4d4SAjHpSseAycWVvk2kp+Rq:f0xzCsa80aBCfuhSTAycyc5/

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      Zahlung,jpg.exe

    • Size

      1.1MB

    • MD5

      3416c390fb272a17a1c1a796411c5afe

    • SHA1

      a9b9134c22add2a45732e8886f439b2d7ef28942

    • SHA256

      f3024f40a06568ae85fb111a6f93923437951b6720f84f8a06c1ce9d21af5c83

    • SHA512

      f0d364223f65788b2584fd2dc83c0e04d16f9d60b3d911853914a46401ad6621952568d2d97075f4989a2524f9b1d71ac37cb7b897b32a671ac233f4a66e4214

    • SSDEEP

      12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLNy7DEv/EE8l5HhqvtY9rzS+6iGNevT:ffmMv6Ckr7Mny5QL93Mdqv4re+6ut

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks