General

  • Target

    07b7893fd55f0b3a12d3909af01c3cf490667b3bdcdfd4cddf69a3137d06ebd6

  • Size

    1.1MB

  • Sample

    241206-syy8eszngp

  • MD5

    9841a84f5212786b4817a31606a52bb5

  • SHA1

    bcfe6a3519ffb3befde5b76c222cfbc23bfbf862

  • SHA256

    07b7893fd55f0b3a12d3909af01c3cf490667b3bdcdfd4cddf69a3137d06ebd6

  • SHA512

    2c1698cb058e519c561dc662d5969d7a78af343ae0b6516e25fe3bab0a41ae24bc68662b0f0127b6f0fa9ebafb936879d32895f64f2636e02e288b3af9997a39

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QL+7NcN+VNwAC+inTnjoG+:f3v+7/5QLiNi+Vqb+iTnjoG+

Malware Config

Extracted

Family

vipkeylogger

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
