General

  • Target

    Pagamentojpg.exe

  • Size

    1.1MB

  • Sample

    241204-fj5qfaykak

  • MD5

    0659e8150d35108cc2573e5b1078b26b

  • SHA1

    ee77434a856c417591cc1e70fff55891d29b73cd

  • SHA256

    1969889d88e2f49a75bdfb922352df56320fdfa87c77f90bc22a82576ef7ad03

  • SHA512

    d74288d59c719681e91d144329bbc4c557fbc1d21deafc6412f3dcb0ba1e572754dab32a5baf173946ec9212d8eef4a1c974ff5189ed0226cac429d986885aa8

  • SSDEEP

    24576:Mu6J33O0c+JY5UZ+XC0kGso6Fan+UtnOl4UlraWY:Wu0c++OCvkGs9Fan+Ux6Y

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      Pagamentojpg.exe

    • Size

      1.1MB

    • MD5

      0659e8150d35108cc2573e5b1078b26b

    • SHA1

      ee77434a856c417591cc1e70fff55891d29b73cd

    • SHA256

      1969889d88e2f49a75bdfb922352df56320fdfa87c77f90bc22a82576ef7ad03

    • SHA512

      d74288d59c719681e91d144329bbc4c557fbc1d21deafc6412f3dcb0ba1e572754dab32a5baf173946ec9212d8eef4a1c974ff5189ed0226cac429d986885aa8

    • SSDEEP

      24576:Mu6J33O0c+JY5UZ+XC0kGso6Fan+UtnOl4UlraWY:Wu0c++OCvkGs9Fan+Ux6Y

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks