General

  • Target

    5b6955b40c450b03be011b795c8034d211f84ddf4e67e55711d0c86bb92f582a

  • Size

    609KB

  • Sample

    241209-b4khsaxmfs

  • MD5

    21471889a8d88877a678397f29db964e

  • SHA1

    0c328e0a37f2e0f73b5c4a708d90d623931a55c1

  • SHA256

    5b6955b40c450b03be011b795c8034d211f84ddf4e67e55711d0c86bb92f582a

  • SHA512

    ecdce4ce79f134bf651dad0d210bb77eb987bbc6af139b29be1d7f4a6f17d1edfd90dd9183c7eabb777b904732cf614eaf4b2c9485a2dc3809df70935b90d13c

  • SSDEEP

    12288:wd9RjfnrgQ9ob23X/CekkcdQW+TFhLOMrSN73Qmojs4A9:ujfnrbOwXYkar+TbKMMWm

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      Payment Slip.exe

    • Size

      1009KB

    • MD5

      d721eab396039744df30c1c4ac89386e

    • SHA1

      db06bcb42971088989f20c795e484611b37b35b0

    • SHA256

      f800b332a02989cb73f92d0b58f9658f7f5389be1a966670c507ccbd32c31ce7

    • SHA512

      aab9f2ea6979d26df263378e629ff9058652c3622bda8c913968dd45c461d546cf1cbc337387ee344109f0273248476c44640b0e9f14deba944c92fac1f8e226

    • SSDEEP

      24576:Ou6J33O0c+JY5UZ+XC0kGso6Fa4rtKwUtjWWY:Au0c++OCvkGs9Fa4rInTY

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Vipkeylogger family

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15