General

  • Target

    f5bc7adbafcdda9eb45ed75951bfe9de3f4d06cb56e70fb32b805ddad724fe09.exe

  • Size

    3.2MB

  • Sample

    241115-dprdws1qdq

  • MD5

    82471b3787ef695d285be55dff2da55e

  • SHA1

    bdcb155617a142d58fbf999b40025be6afb6d6db

  • SHA256

    f5bc7adbafcdda9eb45ed75951bfe9de3f4d06cb56e70fb32b805ddad724fe09

  • SHA512

    3ad715a17dc749571ff1c596eebcf9209a635188c67a5ced2ff9a1409a6646b8f92412e617705e0d65c54e12bbc16aa2e678bae8df9aa22474da73b23a7fe8ed

  • SSDEEP

    12288:wQTWpMqvK0cRee6212DoNPqal+9RQ4MHEFydmk38wy1mv0+iETXO7yHKNKA:wQSMocRq21PDltzHEo38dg8KX6b4A

Malware Config

Extracted

  • Family

    vipkeylogger

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
