General
-
Target
998e109be5cd7e3b3f8f1ee27dd7ce30db60c50f51484b203fad97f82be1840a
-
Size
688KB
-
Sample
241203-l2sfqawkep
-
MD5
80ad9ae5014002eec46312cccfa7ef33
-
SHA1
2744afb6b13db0a5cff36c60a9f13a9bbf6d2cbe
-
SHA256
998e109be5cd7e3b3f8f1ee27dd7ce30db60c50f51484b203fad97f82be1840a
-
SHA512
ef3a6c0068a87f31453bec02ad01ae6ce8c50e34b04b0157c4b76a93106124b62b119ea357d08d3ff5df277ff4509a085c91bb03ab8f71e01310525ade798953
-
SSDEEP
12288:zxG7xPUElGHzO/p2eylwkg20vGXsHiMs9MpPhFE2Z740Rjm:znRzOR2eyCFBiMs9MbWe40R6
Static task
static1
Behavioral task
behavioral1
Sample
PF-1124-0018- TTR-ASP1 .. 20 adet 0191621.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
PF-1124-0018- TTR-ASP1 .. 20 adet 0191621.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Targets
-
Target
PF-1124-0018- TTR-ASP1 .. 20 adet 0191621.exe
-
Size
782KB
-
MD5
028368ea164039476410d99a0c255171
-
SHA1
b0a6c175ad5d3af65ba65909a6f063d0623547de
-
SHA256
61fd5fdd2ecbc361f332c4e23255a0eb6b2fb6f1d3a45403b5248a41185ffa5f
-
SHA512
694941ee1fde12dc831bd41b3c7ed6a6273a90cc061db67ad62c6d765732f1cd7d8585e93ca6036a197193af764f557af77128d078bb81d359cf7f895a1f46c7
-
SSDEEP
24576:LqIeesFjCNxpIt6PS0G7P1AKy45Vf27pjI:WBeu2xpY7P/y43f27pj
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Vipkeylogger family
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1
Credentials from Web Browsers
1
Unsecured Credentials
2
Credentials In Files
2