General

  • Target

    c424ae2e0e7fbe842e8ce8e0c2d36551ce718cda8df23a07b0af790145fcf554.exe

  • Size

    520KB

  • Sample

    241203-dgjzvawqes

  • MD5

    bcda7dfe98c66a21374a3eac66703f68

  • SHA1

    e2113b5764f2fc16c4e1fcae6a214da4d4bb37eb

  • SHA256

    c424ae2e0e7fbe842e8ce8e0c2d36551ce718cda8df23a07b0af790145fcf554

  • SHA512

    4a3d54636e3c773b11de017f956a2d2301387b09ea72a3e5517e1596caecd8b750000debfdea216a04f11eb868306c280fc1936f5fee200cf95a62686fbc326d

  • SSDEEP

    12288:aIC0V1TyykYDamTi6kSywWmM7lEFvVPppyoS/B3FYA1Y+:MW1TyykYWmTi6XywWZEFZmz/lJV

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets


    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it closely resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger
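The signatures above are names only. As an added illustration (not part of this report and not the sandbox's own detection code), the following Python pass applies the same four checks to API-call log lines. The log format and the sample lines are constructed for the example; the constants ThreadHideFromDebugger = 0x11 and THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4 come from the Windows Native API definitions, and the list of IP-lookup hosts is illustrative, since the report does not say which service the sample contacted.

```python
"""Toy signature pass over constructed sandbox API-call log lines.

Added example, not code from the report or the sandbox. The log format and
the sample lines are constructed; the numeric constants are the public
Windows Native API values.
"""
import re

# THREADINFOCLASS value for ThreadHideFromDebugger (winternl.h / ntddk.h).
THREAD_HIDE_FROM_DEBUGGER = 0x11
# NtCreateThreadEx CreateFlags bit that starts the thread hidden from a debugger.
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x00000004

# Illustrative list of public-IP lookup services; the report does not name
# the one this sample used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ip-api.com", "icanhazip.com"}

# Constructed log lines: "<pid> <api>(<arg>=<value>, ...)". pid 4120 models the
# behaviour flagged in the report; pid 5200 is a benign control process.
SAMPLE_LOG = """\
4120 NtSetInformationThread(ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, Length=0)
4120 NtCreateThreadEx(ProcessHandle=0xffffffff, CreateFlags=0x4, StartRoutine=0x4021a0)
4120 RegOpenKeyExW(Key=HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles)
4120 InternetConnectW(Server=api.ipify.org, Port=443)
5200 NtSetInformationThread(ThreadHandle=0x2c8, ThreadInformationClass=0x4, Length=8)
5200 InternetConnectW(Server=update.example.com, Port=443)
"""

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)$")


def parse_line(line):
    """Return (pid, api, {arg: value}) for one log line, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    args = {}
    for kv in m.group("args").split(", "):
        if "=" in kv:
            k, v = kv.split("=", 1)
            args[k] = v
    return int(m.group("pid")), m.group("api"), args


def to_int(s):
    """Parse a decimal or 0x-prefixed hex argument value."""
    return int(s, 0)


def classify(api, args):
    """Return the signature names a single API call triggers."""
    hits = []
    if api == "NtSetInformationThread" and \
            to_int(args.get("ThreadInformationClass", "0")) == THREAD_HIDE_FROM_DEBUGGER:
        hits.append("Suspicious use of NtSetInformationThreadHideFromDebugger")
    if api == "NtCreateThreadEx" and \
            to_int(args.get("CreateFlags", "0")) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER:
        hits.append("Suspicious use of NtCreateThreadExHideFromDebugger")
    if api == "RegOpenKeyExW" and "\\Outlook\\Profiles" in args.get("Key", ""):
        hits.append("Accesses Microsoft Outlook profiles")
    if api == "InternetConnectW" and args.get("Server", "").lower() in IP_LOOKUP_HOSTS:
        hits.append("Looks up external IP address via web service")
    return hits


def scan(log):
    """Map each pid to the sorted list of signatures its calls triggered."""
    result = {}
    for line in log.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        pid, api, args = parsed
        for hit in classify(api, args):
            result.setdefault(pid, set()).add(hit)
    return {pid: sorted(sigs) for pid, sigs in result.items()}


if __name__ == "__main__":
    for pid, sigs in scan(SAMPLE_LOG).items():
        print(pid, sigs)
```

The two anti-debug checks are the interesting ones: a thread marked ThreadHideFromDebugger stops delivering debug events, so a debugger attached to the process silently loses visibility of that thread, and NtCreateThreadEx with flag 0x4 achieves the same at thread creation. A real sandbox keys on the same information class and flag values; only the log format here is invented.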

MITRE ATT&CK Enterprise v15

Tasks