General

  • Target

    17312555432bcbd00414ec1c141b698268dc6112a629b7da7379b907daaee7a87ea4e066bb444.dat-decoded.exe

  • Size

    203KB

  • Sample

    241110-ttb3rszgpk

  • MD5

    57f9217497b0f8daa668ac390d818618

  • SHA1

    e31746b3320a8b5198d940325b8f37513286168e

  • SHA256

    a0a8c4d0447fda69b4cddabd2fd98542efe3b1e410186547422e5f8a4fc31c22

  • SHA512

    ff153be7cbc39c0b9b143652460493e2f947f5ffb5dda29ded558d0c6957ba8a789112079d94c22a1fdc52dcb53841d67a5defe513b8ff8c9061f5de2f0f2b19

  • SSDEEP

    3072:dJDKW1LgppLRHMY0TBfJvjcTp5XdAYjb+uF4o8E6cPa7bYL:dJDKW1Lgbdl0TBBvjc/dZf+uH8by4bk

Malware Config

Extracted

Family

vipkeylogger

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
