General

  • Target

    23be2a96f4c15306083c180774452e11f42837e297627cd33ad5a9708953cd4c.exe

  • Size

    902KB

  • Sample

    241126-cne4ssymht

  • MD5

    fa02056b1a21f75efabdda81219fb7db

  • SHA1

    3e8dd711bfef09d2db54af75476765d85693c756

  • SHA256

    23be2a96f4c15306083c180774452e11f42837e297627cd33ad5a9708953cd4c

  • SHA512

    af4c4a9d7e6ede0026548136fa4b7c37f8298d055a835a56baf9795bc5b0b3a034a5e2dd2592476c3479fe8b23da338ad615144a91a61b3a47dd6bee00de8088

  • SSDEEP

    24576:ZX22KSCC4VSi/kKJfaklq2E3l8Et2F2Yurik:9ylCQLJfaklc3uEtUWT

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks