General

  • Target

    New Order C0038 2024.exe

  • Size

    1.0MB

  • Sample

    241202-qeyfnsvlcz

  • MD5

    35874980a4350138b7e0f84f040f1fc6

  • SHA1

    89d0aadc5630b2e2096c318650f217a6ba43acd2

  • SHA256

    850b8b66acd2856eaa54db6d4de492bb5f3d987019acb6198297d8c561c9087c

  • SHA512

    18a4965e716356a7687b44dc6fd72a9953182d1f52b4e65b0840c7774e8ab1aad4180f84f63ea3c46a87eaae29d3f6c3a838f89bf511f68c7a8f87b0a86dbe55

  • SSDEEP

    24576:6tb20pkaCqT5TBWgNQ7aJzkJXKpDgv2w6A:nVg5tQ7aJzk/P5

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
