General

  • Target

    173127133603e75602cf90c03b229cc07ec4f5c026cad2909c809b767b293bf800a0e9ade9674.dat-decoded.exe

  • Size

    202KB

  • Sample

    241110-zhjw5atqf1

  • MD5

    c0dc27117e14576d09eeb3f5285890fd

  • SHA1

    a635782cc229cc9d78ad2ca07232bc8a9d1e35ea

  • SHA256

    e15f96a8007148677667e284c9047ac9928f979cdf06d371b776816df51ee480

  • SHA512

    70996b34fc2d6094cea47421b2fae5b7f89f6913ee966ab5f0c02b4b294e057646f3eabd6821a5a1f26c602eda17470aa02ace1a396d176512b4532de9cba2e9

  • SSDEEP

    3072:0DKW1LgppLRHMY0TBfJvjcTp5XrkgzXyvf4PUH2weet7bY6:0DKW1Lgbdl0TBBvjc/rkC+QPU7bd

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      173127133603e75602cf90c03b229cc07ec4f5c026cad2909c809b767b293bf800a0e9ade9674.dat-decoded.exe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
