General

  • Target

    04122024_0646_Pagamento,jpg.exe.iso

  • Size

    1.6MB

  • Sample

    241204-hj451s1qep

  • MD5

    f12daa27cf77c8cae0cd0a415d0e76dd

  • SHA1

    4de06763658032f62db06dc8d79c23bc864bb78f

  • SHA256

    712cd0ffce6bdb218f40c8dbf2fc0ae374ee48f40703c55863dfa9eac3c864d9

  • SHA512

    d08f49b43c169afc8732665fbcc677000d14d338ba895df046b68453592d16c394a2c8b37b9f2c6263b2b30a8b62129296ddef49fd53b15f9e009d7f6457399b

  • SSDEEP

    24576:Ju6J33O0c+JY5UZ+XC0kGso6Fan+UtnOl4UlraWY:ru0c++OCvkGs9Fan+Ux6Y

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      Pagamento,jpg.exe

    • Size

      1.1MB

    • MD5

      0659e8150d35108cc2573e5b1078b26b

    • SHA1

      ee77434a856c417591cc1e70fff55891d29b73cd

    • SHA256

      1969889d88e2f49a75bdfb922352df56320fdfa87c77f90bc22a82576ef7ad03

    • SHA512

      d74288d59c719681e91d144329bbc4c557fbc1d21deafc6412f3dcb0ba1e572754dab32a5baf173946ec9212d8eef4a1c974ff5189ed0226cac429d986885aa8

    • SSDEEP

      24576:Mu6J33O0c+JY5UZ+XC0kGso6Fan+UtnOl4UlraWY:Wu0c++OCvkGs9Fan+Ux6Y

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks