General

  • Target

    Piraeus Payment 11.11.2024.xxe

  • Size

    855KB

  • Sample

    241111-m1wx7a1rgn

  • MD5

    dbf29413335ccddbfc4bdb23d86e1206

  • SHA1

    6f3ce36a81dec73fd2d0f1b8a2afe3b2f8bccd3f

  • SHA256

    8036faeb2f086093760e69922e164f15bc4af81c25441251d9dfb2b4c10b6628

  • SHA512

    25bf4fa9cd4cbbc7afa68956a1569f307752bb8409b2d675b201f5e9a8208cc845b61cd780e9e8f3d705c1541437939687bb2bb3a25092d157a681b2f46d8b46

  • SSDEEP

    24576:wqvBvU4BlYQNAE5n59OjRdbx8Livcnu4T:wqeaYQv55UNdeuev

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      Piraeus Payment 11.11.2024.bat

    • Size

      77.0MB

    • MD5

      6ec59574b2c103bebf0e1eb8581a7e72

    • SHA1

      3e535f051221d7224ba3dc3ed82348b3878229cc

    • SHA256

      1156bb4a48995534cffe5910ea49b3bd5b5b50d60721adbfc191af0cce5f1ce6

    • SHA512

      4a414429d2b3d785b2fee33e12e6fc9734cf8898a8de2eb838007885759465d4bf25569547c2769eadb07f223a81bd5decc07ff2ee5511d419d2343f6bea2001

    • SSDEEP

      24576:65EmXFtKaL4/oFe5T9yyXYfP1ijXdaK9blP/4FmqIMCsFEAaJpSZ:6PVt/LZeJbInQRaK9xP/4VCZp

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
