General
-
Target
c169a73ca29094fb2cb53c32f7cddf5fb633494a8e498ef9abb0057a19293155.exe
-
Size
679KB
-
Sample
241119-gkdh1s1hqj
-
MD5
1edf5823d724ea8da51a635e8cba968c
-
SHA1
368fd1f557e1ebec00d0ae97b6c86be091f95e19
-
SHA256
c169a73ca29094fb2cb53c32f7cddf5fb633494a8e498ef9abb0057a19293155
-
SHA512
393b896efe7ab9debfcc9c774a766db1a304d58fc6fe74a09a7d36c495a4aeaefc4072244886f88a65737141bfc7def98ae4e2f0eff89d1ed48e41aac8b3b91f
-
SSDEEP
12288:YGPg/s0yuAt682LufMeJidMx6U0/OQEGzhy6KL2FJKU/InxCQYHoXTZ:CrA8mfMeJidMAUEOQEGlKonYxJYHC
Static task
static1
Behavioral task
behavioral1
Sample
c169a73ca29094fb2cb53c32f7cddf5fb633494a8e498ef9abb0057a19293155.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
c169a73ca29094fb2cb53c32f7cddf5fb633494a8e498ef9abb0057a19293155.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Targets
-
-
Target
c169a73ca29094fb2cb53c32f7cddf5fb633494a8e498ef9abb0057a19293155.exe
-
Size
679KB
-
MD5
1edf5823d724ea8da51a635e8cba968c
-
SHA1
368fd1f557e1ebec00d0ae97b6c86be091f95e19
-
SHA256
c169a73ca29094fb2cb53c32f7cddf5fb633494a8e498ef9abb0057a19293155
-
SHA512
393b896efe7ab9debfcc9c774a766db1a304d58fc6fe74a09a7d36c495a4aeaefc4072244886f88a65737141bfc7def98ae4e2f0eff89d1ed48e41aac8b3b91f
-
SSDEEP
12288:YGPg/s0yuAt682LufMeJidMx6U0/OQEGzhy6KL2FJKU/InxCQYHoXTZ:CrA8mfMeJidMAUEOQEGlKonYxJYHC
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2