General

  • Target

    0456035cb04fa6306a96e0b77e87d2073aec8b776e83ea4100918cc9dbf20c42

  • Size

    738KB

  • Sample

    241209-r79j3s1mfy

  • MD5

    c7100dba7b966254dc191690361ef923

  • SHA1

    9948c88a45b111a11362e22670ed8de5878ad744

  • SHA256

    0456035cb04fa6306a96e0b77e87d2073aec8b776e83ea4100918cc9dbf20c42

  • SHA512

    0066691d5098983e1832b8da4a8349fd567d1db4a523aac93fda26c4d543a478213ea276401514c8f2a6210109e149772579f2d1b49fbafe04b1b5194a9951e6

  • SSDEEP

    12288:K2sqEOzNebvPSciZr/zrin4MRC/39h/fOTEfpyoF5WiV5CnsA0b1MDAkOaQGwIp:K2sqEOzEj6ciZr/vin4M4fOCpciOnWxa

Malware Config

Extracted

  • Family

    vipkeylogger

  • Credentials

Targets

    • Target

      0456035cb04fa6306a96e0b77e87d2073aec8b776e83ea4100918cc9dbf20c42

    • Size

      738KB

    • MD5

      c7100dba7b966254dc191690361ef923

    • SHA1

      9948c88a45b111a11362e22670ed8de5878ad744

    • SHA256

      0456035cb04fa6306a96e0b77e87d2073aec8b776e83ea4100918cc9dbf20c42

    • SHA512

      0066691d5098983e1832b8da4a8349fd567d1db4a523aac93fda26c4d543a478213ea276401514c8f2a6210109e149772579f2d1b49fbafe04b1b5194a9951e6

    • SSDEEP

      12288:K2sqEOzNebvPSciZr/zrin4MRC/39h/fOTEfpyoF5WiV5CnsA0b1MDAkOaQGwIp:K2sqEOzEj6ciZr/vin4M4fOCpciOnWxa

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks