General

  • Target

    22102024_1612_22102024_Zahlung.img

  • Size

    1.6MB

  • Sample

    241022-trljeswcln

  • MD5

    8b48b893e09ce1222442c07ff7043ffb

  • SHA1

    a5a7c061c843929240ba2d70a8b8a287a60b083a

  • SHA256

    e23e3900231348d1bf90979e0287d78cc34f53b513fb46f2410391548c9b7dac

  • SHA512

    a6bb1e79858ba474fc9836f4640764b57e528245118d277426d06b055eb22a910b2a868dd7f9976ac22166430d2f3296d0644dcee02364dabc4ba379706f13fe

  • SSDEEP

    12288:ELkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLNy7DEv/EE8l5HhqvtY9rzS+6iGNev1:6fmMv6Ckr7Mny5QL93Mdqv4re+6u

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      Zahlung,jpg.exe

    • Size

      1.1MB

    • MD5

      3416c390fb272a17a1c1a796411c5afe

    • SHA1

      a9b9134c22add2a45732e8886f439b2d7ef28942

    • SHA256

      f3024f40a06568ae85fb111a6f93923437951b6720f84f8a06c1ce9d21af5c83

    • SHA512

      f0d364223f65788b2584fd2dc83c0e04d16f9d60b3d911853914a46401ad6621952568d2d97075f4989a2524f9b1d71ac37cb7b897b32a671ac233f4a66e4214

    • SSDEEP

      12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLNy7DEv/EE8l5HhqvtY9rzS+6iGNevT:ffmMv6Ckr7Mny5QL93Mdqv4re+6ut

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
