General

  • Target

    8953cdfa677771f8ca1e0c993d291380412968d7d0d13130c7304aafb53eada7.exe

  • Size

    203KB

  • Sample

    241111-pbj87sygmr

  • MD5

    c80e632deed2cacb73d808e58f8f3170

  • SHA1

    fee007ad6de50b2b671b9b8fd11a48d5a54eb7d5

  • SHA256

    8953cdfa677771f8ca1e0c993d291380412968d7d0d13130c7304aafb53eada7

  • SHA512

    653b83a39c3cff637348c054ca98d02023860ed35933309892358a5611df3ca0ec4b14bfbb8b5399dda2b512943d34103678e19846d37f1434d2c5b4244582c4

  • SSDEEP

    3072:dJDKW1LgppLRHMY0TBfJvjcTp5XdAYjb+uF4o8E6cPa7bYJ:dJDKW1Lgbdl0TBBvjc/dZf+uH8by4b8

Malware Config

Extracted

Family

vipkeylogger

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks