General

  • Target

    1593138acaab817fa43fb8649784ed3c3bfecc2f4ba396c1775c8f708b0e8ef1

  • Size

    622KB

  • Sample

    241209-phtffs1rhl

  • MD5

    399afaa0d3c1367ed9bd3f4bbbb422f2

  • SHA1

    6beb7089080bb995da2ee76cede93f433c7e0d46

  • SHA256

    1593138acaab817fa43fb8649784ed3c3bfecc2f4ba396c1775c8f708b0e8ef1

  • SHA512

    a458fd40f0a91653a1b5e8d72ec6db4fef9097d1cdbbb6b46d2fdea90e65e548caa9e519fd231e84a116107ac8bd8ad000997ea17bc07ace9ff650e835b33e34

  • SSDEEP

    12288:HTzJh/K72TQ9GEF5QH5/ptMOW1T2eOsb7uD8CHO5AzsrYEd5jlbc/1xh:zz/K72TQ0EvAbW1T2ex28kg4zSjlw

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      Maria Sibirtseva Professional CV.exe

    • Size

      1021KB

    • MD5

      0757b1febdbd6a69bd416a525459cd4d

    • SHA1

      9a7e1c1857ced94f87e000b8e37602633cd10e2f

    • SHA256

      4467e8fbcd2f915ea98a7fac491ef2e3e233267b8623657276a6296f1e686a8a

    • SHA512

      e27acca0da38aff16382a401caadf146c8a4634956a650a673c27e203e79d91dfddb823d67ff3e891e2c34b690ab5df7007313857a1834a863377fdfdcd2982c

    • SSDEEP

      24576:Zu6J33O0c+JY5UZ+XC0kGso6FaqZ8ke4VijTZ2KWY:bu0c++OCvkGs9Faqey+TUY

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
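
The signatures above are behavioural: each one fires on a pattern in the sandbox's event stream (a file written under the Startup folder, a dropped file later executed or loaded, an Outlook profile key opened, an HTTP request to a public IP-lookup service, a cross-process SetThreadContext call of the kind used in process hollowing) or on a static marker (the AU3!EA06 signature that compiled AutoIt v3 scripts carry). The following script is an added example, not the sandbox's own rules or anything recovered from this sample: it replays simplified versions of those signatures over a constructed event list. The event schema (dicts with "type", "pid", "path", ...), the Startup path, the registry key and the list of IP-lookup hosts are assumptions chosen for illustration.

```python
"""Replay the report's behavioural signatures over constructed sandbox events.

Added example, not the report's or the sandbox's own detection logic.
The event schema and the sample events are assumptions for illustration.
"""
import re

# Constructed events: not behaviour captured from the analysed sample.
STARTUP = r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
EVENTS = [
    {"type": "file_write", "pid": 1, "path": STARTUP + r"\svc.exe"},
    {"type": "file_write", "pid": 1, "path": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"type": "process_create", "pid": 1, "child_pid": 2, "image": STARTUP + r"\svc.exe"},
    {"type": "image_load", "pid": 2, "path": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"type": "reg_open", "pid": 2, "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"type": "http_request", "pid": 2, "host": "api.ipify.org", "path": "/"},
    {"type": "api_call", "pid": 2, "api": "SetThreadContext", "target_pid": 3},
]

# Per-user Startup folder, any drive/user.
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
# Outlook profile stores: Office 2013+ under Office\<ver>\Outlook, older
# releases under the Windows Messaging Subsystem key.
OUTLOOK_RE = re.compile(
    r"\\Software\\Microsoft\\(Office\\\d+\.\d+\\Outlook|"
    r"Windows NT\\CurrentVersion\\Windows Messaging Subsystem)\\Profiles",
    re.IGNORECASE,
)
# Assumed list of public IP-lookup services; extend from your own telemetry.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ipinfo.io",
                   "icanhazip.com", "ip-api.com"}


def run_signatures(events):
    """Return the set of signature names that fire on the event list."""
    hits = set()
    dropped = set()  # lower-cased paths written by any process so far
    for e in events:
        t = e["type"]
        if t == "file_write":
            dropped.add(e["path"].lower())
            if STARTUP_RE.search(e["path"]):
                hits.add("Drops startup file")
        elif t == "process_create" and e["image"].lower() in dropped:
            hits.add("Executes dropped EXE")
        elif t == "image_load" and e["path"].lower() in dropped:
            hits.add("Loads dropped DLL")
        elif t == "reg_open" and OUTLOOK_RE.search(e["key"]):
            hits.add("Accesses Microsoft Outlook profiles")
        elif t == "http_request" and e["host"].lower() in IP_LOOKUP_HOSTS:
            hits.add("Looks up external IP address via web service")
        elif (t == "api_call" and e["api"] == "SetThreadContext"
              and e.get("target_pid") not in (None, e["pid"])):
            # Rewriting a thread's context in another process is the final
            # step of process hollowing / RunPE-style injection.
            hits.add("Suspicious use of SetThreadContext")
    return hits


def is_compiled_autoit(data: bytes) -> bool:
    """Static check: compiled AutoIt v3 scripts embed the 'AU3!EA06' marker."""
    return b"AU3!EA06" in data


if __name__ == "__main__":
    for name in sorted(run_signatures(EVENTS)):
        print("[+]", name)
```

The dropped-file tracking is order-dependent on purpose: "Executes dropped EXE" and "Loads dropped DLL" only fire for a path the sample itself wrote earlier in the trace, which is what separates a dropper from a process that merely launches something already on disk. The SetThreadContext rule deliberately ignores calls a process makes on its own threads, since those are common in legitimate code; the cross-process case is the one worth flagging.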

MITRE ATT&CK Enterprise v15

Tasks