General

  • Target

    bcf978c4466179a2829f9fc0c0aa8da26ac0886ee12ac2d346fe497413848c7a.exe

  • Size

    77.0MB

  • Sample

    241206-dq2agsxndw

  • MD5

    cc2387cb96f6a5ecfdac2cd576ccdc79

  • SHA1

    afb62d3e60b92e2659ac62f1b72df0340709a192

  • SHA256

    bcf978c4466179a2829f9fc0c0aa8da26ac0886ee12ac2d346fe497413848c7a

  • SHA512

    ed4c85113017fd9e9f7966962841d086d4baf5e4da0180ebd3f756b55937d3b5505c0a1dcb7c60f47dd68ef16fffdb18d792ab8320860035555cb6d08a2b435f

  • SSDEEP

    12288:vtb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgaA79AAROhq3uCk4No6A:vtb20pkaCqT5TBWgNQ7aA9Am3xkIo6A

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      bcf978c4466179a2829f9fc0c0aa8da26ac0886ee12ac2d346fe497413848c7a.exe

    • Size

      77.0MB

    • MD5

      cc2387cb96f6a5ecfdac2cd576ccdc79

    • SHA1

      afb62d3e60b92e2659ac62f1b72df0340709a192

    • SHA256

      bcf978c4466179a2829f9fc0c0aa8da26ac0886ee12ac2d346fe497413848c7a

    • SHA512

      ed4c85113017fd9e9f7966962841d086d4baf5e4da0180ebd3f756b55937d3b5505c0a1dcb7c60f47dd68ef16fffdb18d792ab8320860035555cb6d08a2b435f

    • SSDEEP

      12288:vtb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgaA79AAROhq3uCk4No6A:vtb20pkaCqT5TBWgNQ7aA9Am3xkIo6A

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks