General

  • Target

    466477a865e877d551ad3bb08a5838ad4a44e59f2780cfc57e095747cbf1df60.exe

  • Size

    1.0MB

  • Sample

    241207-jybmpayrbp

  • MD5

    da3926cb64db293c3c28b5f4b5d7513d

  • SHA1

    ab7b81fe3ec60f3e5e909c7acbb214ff7117e59d

  • SHA256

    466477a865e877d551ad3bb08a5838ad4a44e59f2780cfc57e095747cbf1df60

  • SHA512

    4b2b9289fb737f453861354c7db19fbd515012773e84621f08cdf34ab0ee37c7b6cfda387e26e7af241cf384daa038601d31607ca78ebd653303e6c348dafc8b

  • SSDEEP

    24576:Ij+E5UmQgGxoeTKDCAJvxADGSifhNwmNG3Ap137dboaPjyMi76KbC:Y+HmWxKDCA9fQt3IRM+i769

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      466477a865e877d551ad3bb08a5838ad4a44e59f2780cfc57e095747cbf1df60.exe


    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger
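Four of the signatures above (the two HideFromDebugger anti-analysis hits, the external IP lookup and the Outlook profile access) map onto single, well-defined observables: an NtSetInformationThread call with ThreadInformationClass 0x11 (ThreadHideFromDebugger), an NtCreateThreadEx call carrying creation flag 0x4 (THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER), a connection to a "what is my IP" service, and a read of the registry keys where Outlook keeps mail profiles. The block below re-implements those four rules over sandbox-style event records. It is an added example, not the sandbox's own signature code: the event schema, the sample events and the list of IP-lookup hostnames are constructed here for illustration (the report does not say which lookup service this sample contacted).

```python
"""Re-implementation of four behavioural signatures from the report as a small
rule set over sandbox-style API / network / registry events.

Added example, not the sandbox's code. Event schema (dicts with "type", "api",
"args", "host", "key") and SAMPLE_EVENTS are constructed; IP_LOOKUP_HOSTS is an
assumed list of common services, not taken from the report.
"""
from typing import Dict, List, Optional

# THREAD_INFORMATION_CLASS value that detaches the calling thread from any
# attached debugger when passed to NtSetInformationThread.
THREAD_HIDE_FROM_DEBUGGER = 0x11
# CreateFlags bit for NtCreateThreadEx with the same effect on a new thread.
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4

# Assumption: any of the usual public "what is my IP" endpoints.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ip-api.com"}

# HKCU paths under which Outlook stores mail profiles (account settings a stealer
# harvests): ...\Office\<version>\Outlook\Profiles and the legacy MAPI location.
OUTLOOK_OFFICE_PREFIX = "hkcu\\software\\microsoft\\office\\"
OUTLOOK_MAPI_PROFILES = (
    "hkcu\\software\\microsoft\\windows nt\\currentversion"
    "\\windows messaging subsystem\\profiles"
)

SIG_SET_INFO = "Suspicious use of NtSetInformationThreadHideFromDebugger"
SIG_CREATE_THREAD = "Suspicious use of NtCreateThreadExHideFromDebugger"
SIG_IP_LOOKUP = "Looks up external IP address via web service"
SIG_OUTLOOK = "Accesses Microsoft Outlook profiles"


def classify_event(ev: dict) -> Optional[str]:
    """Return the signature name an event triggers, or None if it is benign."""
    kind = ev.get("type")
    if kind == "api":
        api, args = ev.get("api"), ev.get("args", {})
        if api == "NtSetInformationThread" and \
                args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER:
            return SIG_SET_INFO
        if api == "NtCreateThreadEx" and \
                args.get("CreateFlags", 0) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER:
            return SIG_CREATE_THREAD
    elif kind == "network":
        if ev.get("host", "").lower() in IP_LOOKUP_HOSTS:
            return SIG_IP_LOOKUP
    elif kind == "registry":
        key = ev.get("key", "").lower().replace("/", "\\")
        if key.startswith(OUTLOOK_OFFICE_PREFIX) and "\\outlook\\profiles" in key:
            return SIG_OUTLOOK
        if key.startswith(OUTLOOK_MAPI_PROFILES):
            return SIG_OUTLOOK
    return None


def evaluate(events: List[dict]) -> Dict[str, List[int]]:
    """Map each triggered signature to the indices of the events that fired it."""
    hits: Dict[str, List[int]] = {}
    for idx, ev in enumerate(events):
        sig = classify_event(ev)
        if sig is not None:
            hits.setdefault(sig, []).append(idx)
    return hits


# Constructed sample trace: benign events interleaved with the four indicators.
SAMPLE_EVENTS = [
    {"type": "api", "api": "NtSetInformationThread",
     "args": {"ThreadInformationClass": 0x2}},        # ThreadPriority: benign
    {"type": "api", "api": "NtSetInformationThread",
     "args": {"ThreadInformationClass": 0x11}},       # ThreadHideFromDebugger
    {"type": "api", "api": "NtCreateThreadEx",
     "args": {"CreateFlags": 0x4}},                   # HIDE_FROM_DEBUGGER flag
    {"type": "network", "host": "www.microsoft.com"},  # benign
    {"type": "network", "host": "checkip.dyndns.org"},  # external IP lookup
    {"type": "registry",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},  # benign
    {"type": "registry",
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
]

if __name__ == "__main__":
    for sig, idxs in sorted(evaluate(SAMPLE_EVENTS).items()):
        print(f"{sig}: events {idxs}")
```

The two anti-debug rules key on the exact information class and flag value rather than on the API name alone, because NtSetInformationThread and NtCreateThreadEx are called constantly by benign code; only the 0x11 class and the 0x4 flag are the suspicious part.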

MITRE ATT&CK Enterprise v15

Tasks