General

  • Target

    SFLOP990M3PO.exe

  • Size

    1.2MB

  • Sample

    241022-kbeaqsxhrq

  • MD5

    5100ffb5732522b4d405d604668edf35

  • SHA1

    4b0b723f85e9d8368cc34032113084c72b29c7f0

  • SHA256

    9b207d1fe6c002c75ad9a0ae8ee791e42790a027b2087bdf408a5b967e4cb3d2

  • SHA512

    6355a9ae0ca925abb1a8cdc4cd20193f0e8040425eb6f6aebcc66818b0554e7c264c5ab3ddf84dace30ccbb65f130dad3d56bcb01c35143ed11dbcc9e2dba9e1

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QLvVjiIG8tZbTergejda0eZhVR+J8Fl34S:f3v+7/5QL7Xiy3V0WoS

Malware Config

Extracted

  • Family

    vipkeylogger

Targets

    • Target

      SFLOP990M3PO.exe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15