General

  • Target

    7832c592d6a2e403b8323da6b238e789.bin

  • Size

    779KB

  • Sample

    241209-bt9d6askhn

  • MD5

    ab18cdbe69f60bb2c4a2810aa99a783f

  • SHA1

    2fb05d7e7719df9fcda6ffc4db06046068950618

  • SHA256

    e7092bab021210862b9e460c410b597ddb914deb0343369541828e838be431b8

  • SHA512

    ff6afdd6ca0d0fc051ff5e5ce922c870368b147f9ec1e89a84a1926eea5c1f960db1eaaebed3596c48f3bdb0e00da2b13cd571f9b70db7a26ed8fbc1605a96a5

  • SSDEEP

    12288:tELGnaOIhAIa9CCPCPWpptNd8Sa9nDY4izN6/0GmQL0fX+D1XTB1fiv1lxko:tr3Aa9CC6Piptg9URGxLWX4XvfM1lxf

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      3e4a1645de56b2595ebd83686945f60b1fc4242d9dada664ca9ef9d6c3f8659f.exe

    • Size

      77.0MB

    • MD5

      7832c592d6a2e403b8323da6b238e789

    • SHA1

      1b0a4f33ed26e9284d3a93b7a119a895eb12c0f2

    • SHA256

      3e4a1645de56b2595ebd83686945f60b1fc4242d9dada664ca9ef9d6c3f8659f

    • SHA512

      aa38396cb18fb5c7cae17413f42b6d3ee15adc82dc5a02513bd430c27f774433186f781cada07d6709d93448404fbdae179cf018144fbf2bfff1405330cbeb09

    • SSDEEP

      24576:1u6J33O0c+JY5UZ+XC0kGso6Fac1HJWnny4sd09pWiszrWY:Xu0c++OCvkGs9FacdJ6VpWiXY

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
