General

  • Target

    FIZETESI.EXE.exe

  • Size

    1.0MB

  • Sample

    241113-l6sbhssrgr

  • MD5

    11cb76a19262b6b580ac914cc91a162a

  • SHA1

    3b7c7012c38632f4e5c8e44665ed8fce5c71d42d

  • SHA256

    6c6df909a12aa572bc7f7ba7a1274503a8f3860fec5223f08017e51f2d2fb9a5

  • SHA512

    c71388dc7ca7f4e9a0a1cecf6ea6f28fadd4a7682fe455408365824eb8a2c702813eb72917372c8b655b8be0b9d565dbde81fb1ae565fc2f8cc8550e26af96ad

  • SSDEEP

    24576:2tb20pkaCqT5TBWgNQ7aCleJBY0Agl6A:jVg5tQ7aCkZ5

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      FIZETESI.EXE.exe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
