General

  • Target

    5a7861eb0fe3a27d6d62d163ca81f35e2118de802fc9b52c45ddf7370eab621b

  • Size

    721KB

  • Sample

    241209-c7s5rstkfp

  • MD5

    05488807d77c5d1c9dd57a35769cc373

  • SHA1

    0ce22ba2da132fa4e97e71159cf5ba52f4d31a56

  • SHA256

    5a7861eb0fe3a27d6d62d163ca81f35e2118de802fc9b52c45ddf7370eab621b

  • SHA512

    205e1f094d738cfbe61331931cfe979163881c13df33bb08cf913b21bc6c47334f5de89302527584fa01bafebd7febe3a86b48f8a8900f46781682e3a3fd3a6c

  • SSDEEP

    12288:/fRv8jUOXob23K/mPWLqi33oi/XieLOzTY7p+iapJdZszljW2cs2UhZQGBwEnGZe:hEjAwKeyqi3Yi/jOzTKp+PEW2QL7ZQlp

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      Receipt.exe

    • Size

      1.1MB

    • MD5

      1d0c53e42bd84b7b7cfabed7dae7f570

    • SHA1

      0b0df40afe9bed5720c361fe7ed63395e1a25f41

    • SHA256

      ddadbda4f90dc1d05f3e78ac6e5009c2e6608137b60bce3427e25ffea1b4d944

    • SHA512

      9ab7671f48d5dbeb58c93b61998762ed91da2f566421ff11f53edfdb6a65af0199ff4bb31647ec296cae7f85ba7cfc71340fbb931e6a05fd5aa03a43f5026057

    • SSDEEP

      24576:cu6J33O0c+JY5UZ+XC0kGso6FaNAaW2Kh7ZClY9lnmWY:Gu0c++OCvkGs9FaNAaWphNCC1Y

    • VIPKeylogger

VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks