General

  • Target

    ba23834b70ee4feb3f4cf12c7d19d7472d6f025c07d5781a07fa681dd3b41b86.exe

  • Size

    77.0MB

  • Sample

    241205-t43cpsypap

  • MD5

    2e5d4eae567cc6db52dbc9f7ca1369da

  • SHA1

    8720c5eeacbbbb280876bae98ccefb25416e1c33

  • SHA256

    ba23834b70ee4feb3f4cf12c7d19d7472d6f025c07d5781a07fa681dd3b41b86

  • SHA512

    9a15093fbfec4068755646b333a767109a1039a0291a73f9ed31b3a2369bd94b4fb67e0802fc7374fcd75e1b0db6235acee4c0230011cb802453a0f1d2a1fca2

  • SSDEEP

    24576:/tb20pkaCqT5TBWgNQ7aVK2aU6B8NRum6A:8Vg5tQ7aVnNH5

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      ba23834b70ee4feb3f4cf12c7d19d7472d6f025c07d5781a07fa681dd3b41b86.exe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
