General

  • Target

    Płatność 8557899,jpg.exe

  • Size

    1.1MB

  • Sample

    241203-drw26atjfp

  • MD5

    741eea55925237502bf85c1b86e4012b

  • SHA1

    0104879889fd5440e59978a98d6f715fa4a79c86

  • SHA256

    678fa6d49ff14e29a6a534db4ac0ad1f3aa9538101d2b6ed4aef40cedd8b4339

  • SHA512

    ab917b2694b00daeacbda1d82c72259316a4753e991e80ee0f2aa247d7df90268cdf46b27a2b166cfcb36b6ecd0e0ab4476b08aa138a66f0c634bbea100aaeb1

  • SSDEEP

    24576:Hu6J33O0c+JY5UZ+XC0kGso6Fa/tgAKWY:Bu0c++OCvkGs9Fa/tgYY

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      Płatność 8557899,jpg.exe

    • Size

      1.1MB

    • MD5

      741eea55925237502bf85c1b86e4012b

    • SHA1

      0104879889fd5440e59978a98d6f715fa4a79c86

    • SHA256

      678fa6d49ff14e29a6a534db4ac0ad1f3aa9538101d2b6ed4aef40cedd8b4339

    • SHA512

      ab917b2694b00daeacbda1d82c72259316a4753e991e80ee0f2aa247d7df90268cdf46b27a2b166cfcb36b6ecd0e0ab4476b08aa138a66f0c634bbea100aaeb1

    • SSDEEP

      24576:Hu6J33O0c+JY5UZ+XC0kGso6Fa/tgAKWY:Bu0c++OCvkGs9Fa/tgYY

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks