General

  • Target

    8bc4c184f461f92d95fd52ca1e1224fb3f3a905b3f8516211f47903a61cea271.exe

  • Size

    646KB

  • Sample

    241204-dd6z7stmcl

  • MD5

    8ae914653340ef79bbf6c39eaf259e16

  • SHA1

    7b74c24e74bdb4837ebf448362dd2d261843e833

  • SHA256

    8bc4c184f461f92d95fd52ca1e1224fb3f3a905b3f8516211f47903a61cea271

  • SHA512

    e6e91013a45ea11451634c0fd5215a72be9a17c7e0cc3984c7b5a1120fee57cb5796d7884ba11ede95f068960646dc73cd6df44053cd41293d51a09e137b01fb

  • SSDEEP

    12288:pjBR3Lxt5wW1oLiLud/6w3ZJPAJBom1M8E16YdL7Dd3i6:pdvT96Pd/ex1Mt16YdLl3z

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      8bc4c184f461f92d95fd52ca1e1224fb3f3a905b3f8516211f47903a61cea271.exe

    • Size

      646KB

    • MD5

      8ae914653340ef79bbf6c39eaf259e16

    • SHA1

      7b74c24e74bdb4837ebf448362dd2d261843e833

    • SHA256

      8bc4c184f461f92d95fd52ca1e1224fb3f3a905b3f8516211f47903a61cea271

    • SHA512

      e6e91013a45ea11451634c0fd5215a72be9a17c7e0cc3984c7b5a1120fee57cb5796d7884ba11ede95f068960646dc73cd6df44053cd41293d51a09e137b01fb

    • SSDEEP

      12288:pjBR3Lxt5wW1oLiLud/6w3ZJPAJBom1M8E16YdL7Dd3i6:pdvT96Pd/ex1Mt16YdLl3z

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    • Vipkeylogger family

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks