General
-
Target
b98dd577f47b81df90226bd02f9375a77bd791aeb680440ded3c93b77698b751.exe
-
Size
815KB
-
Sample
241122-hppmhswlav
-
MD5
4b95d663a28624b2651ef09806d6f999
-
SHA1
bfb4c6ceba8957ac481083a009545ce2ab754ff0
-
SHA256
b98dd577f47b81df90226bd02f9375a77bd791aeb680440ded3c93b77698b751
-
SHA512
13e2b66b940480d4173cb7cfa0c872664bc2d862d9de09a21a2bc2bbbe2a48d2f26ed73d86a0096e44e0d7ae42fc74474a37a007cac592ed3c7e79cbf4680516
-
SSDEEP
24576:XsTo7do5wpkCEG9vG+3rG9SOSEHKpwsuv:A75CF9vGpHGwsG
Malware Config
Extracted
vipkeylogger
Targets
-
-
Target
b98dd577f47b81df90226bd02f9375a77bd791aeb680440ded3c93b77698b751.exe
-
Size
815KB
-
MD5
4b95d663a28624b2651ef09806d6f999
-
SHA1
bfb4c6ceba8957ac481083a009545ce2ab754ff0
-
SHA256
b98dd577f47b81df90226bd02f9375a77bd791aeb680440ded3c93b77698b751
-
SHA512
13e2b66b940480d4173cb7cfa0c872664bc2d862d9de09a21a2bc2bbbe2a48d2f26ed73d86a0096e44e0d7ae42fc74474a37a007cac592ed3c7e79cbf4680516
-
SSDEEP
24576:XsTo7do5wpkCEG9vG+3rG9SOSEHKpwsuv:A75CF9vGpHGwsG
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2